Verdantix urges building facility managers to secure building systems against cyber-attacks
Building managers need an integrated approach with IT professionals and clear lines of responsibility says the firm
Independent research and advisory firm Verdantix have issued a warning about increased but under-recognised threats from cyber-attacks on building systems. It noted that facilities managers should work with IT professionals to address the issue as early as possible.
The firm said that a sharp rise in the number of connected devices across building systems mean that the operational technology (OT) used to run facilities creates a growing risk of cyber-attack. Connected OT networks are converging with their IT counterparts, blurring traditional lines of responsibility for cyber security, just as ageing building systems require replacement, and the number of attacks rises, Verdantix pointed out.
Without sufficient security controls, these systems are introducing significant new risks and more entry points for cyber criminals to exploit, the company warned. The past five years have seen a massive explosion of Internet of Things (IoT) sensors and smart devices deployed with firms frequently selecting these smart devices based on cost and functionality, resulting in facilities having many devices with poor inbuilt cyber security controls, it added.
Cyber-attacks aimed at IT systems cost businesses $945bn in 2020, it is estimated, through damage to data and systems, lost productivity, and theft of money, intellectual property, and personal data, despite $145bn in cyber security expenditure, the firm pointed out. In recent times, industry stakeholders including developers have been advocating for digital transformation to boost resilience within the real estate sector.
“The first step for rebooting a smart building cyber security strategy is defining clear responsibilities and embedding cyber management into facilities operations across procurement, technology management and staff training. Facilities managers should not develop a siloed cyber programme on their own, but rather partner with their IT and security peers to integrate cyber security into different building management processes,” said Rodolphe D’Arjuzon, Global Head Of Research at Verdantix.
‘Verdantix’s Best Practices: Enhancing Your Smart Building Cyber Security Programme’ found firms are not aware of the full extent of their risk exposure from their OT, as they often do not keep registers of connected devices, or the level of cyber security protection provided. Its publication comes as more connected devices via the Internet of Things (IoT) transform the landscape, but just 32% of firms evaluate IoT security risks as part of the onboarding process for third parties and just 54% run penetration tests on their IoT devices, the firm remarked.
In April 2022, facilities management firm Farnek announced it was launching a standalone hotel management company, and in July, a major FM services contract for a PPP school project in Saudi Arabia was awarded to SNC-Lavalin.
