If Not Now, When? The Need To Address Cybersecurity In Facilities Management Reaches Critical Levels
10, June 2022
If Not Now, When? The Need To Address Cybersecurity In Facilities Management Reaches Critical LevelsFor the past couple of decades, facilities managers have steadily overlooked cybersecurity, but it is gradually, inexorably rising in importance. Buildings are particularly vulnerable due to the interoperability between operational technologies (OT) and information technologies (IT) from multiple manufacturers. As a result, physical and digital risks are converging to form ever-increasing threats to businesses.
The explosion of IoT devices and connected OT has vastly increased the attack surfaces of buildings. Consequently, real estate managers need to reboot their cyber strategies in the face of growing risks. IBM research found that cyber attackers increased their targeting of internet-connected OT devices by 2,204% between January 2021 and September 2021. For example, a commercial REIT-owned Class A office building in Canada was attacked by ransomware that shut down the BMS and damaged central plant equipment, resulting in hundreds of thousands of dollars of cost. In another example, attackers infiltrated around 4,530 internet-connected video cameras installed by a cloud-based access control manufacturer, gaining access to video feeds across 68 organizations.
Verdantix attended IFMA’s World Workplace Event last week (2nd to 3rd June), where cybersecurity emerged as a hot topic. A panel discussion highlighted the risk from cyber-attacks that target emerging technologies, such as digital twins and artificial intelligence, that can pose serious security threats due to the complexity of software and the level of control granted to such products. For example, AI algorithms are vulnerable to data poisoning, where data inputs are maliciously altered to impact the decision making of the algorithm. These attacks can be particularly hard to identify due to the black-box nature of many AI solutions.
Although facilities managers don’t need to understand cybersecurity details fully, they need to educate themselves about the threats and build a secure culture to become informed users of connected technology. In addition, firms should embed cybersecurity into operations and set clear organizational responsibilities with a risk-based approach to implementing a defence strategy. To learn more about designing and implementing a smart building cyber security programme, read the report Verdantix Best Practices: Enhancing Your Smart Building Cyber Security Programme.