Security

How Long Can We Blame Our Cybersecurity Failures On Rapid Proliferation of Technology?

Copy article link
We know by now that connected devices create a cybersecurity risk, yet we continue to connect devices. Big IoT hacks are widely reported, but we still demand smart buildings. Survey after survey shows that executives see cyberattacks as the biggest issue for the IoT, yet the same surveys show that the vast majority of companies will invest heavily in the IoT regardless. We know that cyberattacks can lead to massive financial and reputational damage, but we still purchase and integrate vulnerable technology. The obvious conclusion to draw from these truths is that cybersecurity is not that important, at least not to purchasing decisions. “Before the IoT revolution, most buildings’ systems tended to be self-contained and therefore safe from hackers. This began to change with the introduction of remote management via permanently connected smart sensors,” says Nick Morgan, information security manager at property investor Derwent London. “In the past, it was an afterthought. You get Norton […]

Stay ahead of the pack

with the latest independent smart building research and thought leadership.

Have an account? Login

Subscribe Now for just $200 per year per user (just $17 USD per month) for Access to Quality Independent Smart Building Research & Analysis!

What Exactly Do you Get?

  • Access to Website Articles and Notes. Unlimited Access to the Library of over 1,700 Articles Spanning 10 Years.
  • 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
  • Industry-leading Analysis Every Week, Direct to your Inbox.
  • AND Cancel at any time
Subscribe Now

Want a Corporate or Group subscription? Get in touch.
Email us at: support@memoori.com

We know by now that connected devices create a cybersecurity risk, yet we continue to connect devices. Big IoT hacks are widely reported, but we still demand smart buildings. Survey after survey shows that executives see cyberattacks as the biggest issue for the IoT, yet the same surveys show that the vast majority of companies will invest heavily in the IoT regardless. We know that cyberattacks can lead to massive financial and reputational damage, but we still purchase and integrate vulnerable technology. The obvious conclusion to draw from these truths is that cybersecurity is not that important, at least not to purchasing decisions.

“Before the IoT revolution, most buildings’ systems tended to be self-contained and therefore safe from hackers. This began to change with the introduction of remote management via permanently connected smart sensors,” says Nick Morgan, information security manager at property investor Derwent London. “In the past, it was an afterthought. You get Norton 360 and then you move on.”

Smart Buildings and the IoT are no longer new technology ecosystems, at least not in the context of understanding that there is a cybersecurity risk. We know by now that we cannot just install off-the-shelf anti-virus software and expect it to keep our buildings safe, but many building managers still neglect the need for sophisticated approaches to cybersecurity. Even when the vulnerabilities are exposed and the managers responsible are made aware, we still see buildings ignoring the issue and those trying to help them.

“I was able to contact someone [at WeWork when we discovered a vulnerability] and they quickly changed their systems, but often I can’t get any kind of response from people in this industry,” says Craig Young, principal security researcher at Tripwire, a provider of threat-detection software. “For instance, I know there’s a company in the construction-safety field that seems to be exposing its customers to a potential attack. After months of phone calls and emails, I’ve been unable to get the ear of anyone who cares.”

We know by now that any connected device, even the most unremarkable, can provide an entry point for hackers to much wider and more sensitive building systems. In 2018, hackers utilized weaknesses in a connected fish tank thermometer to gain access to confidential information on high-rollers in a Las Vegas casino database. Numerous attacks have been launched via connected printers, thermostats, even physical security devices such as surveillance cameras and digital locks. However, many buildings still install poorly secured devices, seemingly oblivious to the ramifications.

“All IoT devices present possible entry points for hackers. Letting any one of these go unprotected is the digital equivalent of leaving a small window open downstairs when you leave the premises,” says William Newton, president and MD of WiredScore, a firm providing digital infrastructure certification for buildings. “Everything that’s linked to your network – from lighting to the CCTV system to the elevators – needs to be subject to the same stringent security protocols as databases containing confidential information.”

Cybersecurity certification programs can help the building industry further highlight the most vulnerable devices and the facilities most at risk. While basic cybersecurity should be commonsense in the modern world, by clearly presenting the risk in a rating system that forces owners, managers, and occupants to understand when they are at greater risk than the majority of buildings, we can force positive change. This kind of open communication on cybersecurity risk also excuses buildings for slow or limited smart technology implementation on the grounds of cybersecurity. Stakeholders should accept that for strong cybersecurity we may need slow and gradual IoT implementation.

“We’re working hard to educate them as to why this area is so important and why it takes a long time to get a certain supplier on board or to get everything connected,” says Sally Jones, head of strategy, digital and technology at property firm British Land, that recently introduced WiredScore’s SmartScore rating - a topic discussed by Jules Barker from WiredScore and Joe Brown from Kingsett in our recent webinar. “This new benchmarking system is helping us to bridge the gap in our organization. We’re using it to communicate why cybersecurity is important and what it means to be a secure smart building.”

We all know by now that there is an IT skills gap in building operations, and we all know that operational technology (OT) staff are not well trained in the application of digital technology. In fact, we have been talking about these issues for the best part of a decade or more, yet recruitment and training still lag far behind the development of the technology. IT and OT departments still pass the buck to avoid responsibility when it comes to smart building cybersecurity problems, while owners and managers sometimes appear oblivious to the dangers such issues bring.

“Buildings are increasingly being run by computers that aren’t within the IT team’s remit. These are probably managed by a facilities director or property director, depending upon the size of the business. Indeed, they may even be managed by the landlord,” says Ed Cooke, CEO and managing partner at Conexus Law, who sees huge risk coming from the demarcation of responsibility for cybersecurity in many companies.

From exposed devices to unsecured infrastructure, and a lack of accountability, the smart buildings industry has created a paradise for hackers to steal information, maliciously control systems, and cripple entire networks, often with relative ease. How long can we blame our cybersecurity problems in buildings on the rapid proliferation of technology before we realize that we are the ones driving that digital transformation? How long can we complain about cyberattacks when we are the ones installing the door and leaving it open?

We all know by now that smart buildings present a cybersecurity risk but the more the smart buildings we create without addressing cybersecurity issues, the more we show that cybersecurity is not that important… and maybe it should be.

Most Popular Articles

Digital Twins Smart Building
Smart Buildings

The Hero We Deserve? A Balanced Look at Smart Building Digital Twins

The Digital Twins concept continues to generate a significant amount of buzz in the smart building market. This technology, which seeks to create virtual representations of physical structures, offers a tantalizing promise of increased efficiency and sustainability. At the heart of the digital twin phenomenon is the creation of a dynamic, digital counterpart of a […]

Complimentary Article Occupancy Analytics Hybrid Working
Smart Buildings

Mapping the Occupancy Analytics Market Landscape 2023

Occupancy Analytics has been a growing force in commercial buildings for the last decade but, accelerated by the pandemic, this broad range of technologies is becoming critical to progressive buildings in recent years. Our new comprehensive market report on Occupancy Analytics and Location-Based Services offers an objective assessment of the dynamic space from 2023 to […]

Synectics Coex C3000 Camera
Security

Synectics Physical Security Business & 2022 Financials Examined

In this Research Note, we examine Synectics plc, the listed UK provider of large-scale electronic security systems for critical and regulated environments. This article is based on their 2022 Annual Results, Investor presentation, 2022 Annual Report and press releases throughout the year. Based in Sheffield, UK, the company’s expertise is in providing solutions for specific […]

Subscribe to the Newsletter & get all our Articles & Research Delivered Straight to your Inbox.

Please enter a valid email

Please enter your name

Please enter company name

By signing up you agree to our privacy policy