Editor’s note: October is Cybersecurity Awareness Month, so Facilities Management Advisor chose to repost this highly relevant article, originally published in April 2022.
The threat of cybercrime impacts all businesses, no matter how big or small they are. The more advanced our operations become through modern software, the more open they are to outside attacks. But advancement is essential for progress, and even the buildings we do our work in are not as simple as they used to be.
In the past, building security was primarily concerned with looking after the physical property, but today, thanks to the popularity of smart buildings, it’s much more than that. Most new buildings built in the U.S. with 100,00 square feet or more are smart buildings with autonomous functionality controlling things like lighting, energy, and video surveillance.
The global smart building market is forecasted to grow to $127.09 billion by 2027, with a compound annual growth rate of 12.5%. With the rise in smart buildings across the globe, let’s consider the biggest cybersecurity threats facing them.
What Is a Smart Building?
A smart building is fitted with solutions that allow for automation, preventive maintenance, and space optimization. They are characterized by the use of integrated systems that communicate and share information.
Smart buildings reduce business costs by optimizing the space used through occupancy analytics, which determines if working areas and communal zones are effectively used. They can link core systems and integrate different building systems to ensure they are working in perfect harmony.
Using technologies like artificial intelligence, the Internet of Things (IoT), building management systems, and augmented reality, smart buildings are useful for preventive maintenance. Through the data collected via the many touchpoints and sensors, a realistic picture can be built up of when and how the building is being used.
This allows for a proactive approach to managing wear and tear, cleaning and restocking, and prolonging the life of equipment, furnishings and appliances.
How Do Smart Buildings Benefit Businesses?
Smart buildings are seen as the future for many businesses because they have proven to increase productivity, reduce energy consumption, and lower operating costs. Productivity in smart buildings increases thanks to better air quality, security, lighting, processes, and sanitation.
Reports suggest smart buildings also boost productivity by as much as 37%. In the long run, establishing a smart building enhances the smooth running of the premises while adapting to its ever-changing needs.
Building Automation System (BAS)
A huge vulnerability for smart buildings is the BAS, which is used to control the heating, ventilation, lighting, security and air conditioning. Lighting, climate, and elevator systems are interconnected in a smart building, but often the security protocols in place are not robust enough. For example, the systems in place for HVAC systems are not always data encrypted.
Given that Target’s retail chain suffered a massive data breach in 2013 due to hackers infiltrating its HVAC network, it’s important to shore up any potential hole. Increased entry points for hackers create a wider attack surface that makes businesses within smart buildings vulnerable.
For smart buildings to function effectively they rely on a multitude of IoT devices to communicate with each other. However, all it takes is one compromised IoT device for hackers to get in, and it could take months before any malware they have used is detected. Fifty-seven percent of IoT devices are vulnerable to medium- or high-severity attacks, making them low-hanging fruit for attackers.
IoT devices are common appliances that you might even find around your home but that are connected to the internet. Examples of IoT devices include doorbell cameras, smart meters, fitness trackers, smart speakers, and connected cars. An unprotected device is like leaving the backdoor open or a key under the mat.
There were even security doubts raised about whether Joe Biden could bring his Peloton bike into the White House when he became president. Ensuring that every single device connected in a smart building has adequate security is a must if companies want to avoid data breaches.
Users Make Systems Vulnerable
While as much autonomy as possible is better for smart buildings, there ultimately must be some human input. Often, the people using the systems are the ones who can leave them the most vulnerable. Everyone makes mistakes, but when it comes to cybersecurity, one mistake is all it takes for a network to be breached and data to be mined.
Human error in this instance might be accidentally downloading or clicking a link to malware, or using an old password and not changing it. For instance, 123456 remains one of the most popular passwords in the world, while 45% of people reuse the same password for their main email account on other services.
Nowadays many people are working from various locations, and if they are not using their work equipment on a secure network, it may make their device vulnerable to attack. If the device is vulnerable, then the smart building they work in is also vulnerable.
Using Outdated Software
Research from Kaspersky shows that 37% of computers used to control smart building automation systems were affected by malicious attacks in the first half of 2019. With so many devices and touchpoints found in smart buildings, it’s important that they are all running the latest versions of their operating software.
Outdated software creates an easy pathway for cybercriminals to gain entry into a smart building’s network. Most malware targets older software versions on phones, tablets, and computers to exploit vulnerabilities that have been fixed in newer versions.
Failing to download an update is asking for trouble, and whenever one is available, it should be installed right away. Outdated software can also cause compatibility issues with other devices, increasing the vulnerabilities to cyberattacks as there are many devices and sensors needed to effectively operate a smart building.
Protecting Smart Buildings Against Hackers
Companies working in smart buildings looking to bolster their cybersecurity should take heed of these common threats. Depending on the competency and expertise of the IT department, looking after cybersecurity might be something worth outsourcing to an expert.
Cybersecurity companies can give your network a robust shot in the arm and even perform ethical hacking procedures to locate and shore up any weaknesses. Given the multitude of ways into a smart building for hackers, bringing in some help to protect networks, data, and intellectual property is a safe way to go.
Chester Avey has over a decade of experience in business growth management and cybersecurity. He enjoys sharing his knowledge with other like-minded professionals through his writing. You can connect with Chester by following him on Twitter @ChesterAvey