The importance of robust safeguards and high security standards to protect smart buildings and critical data from potential crippling attacks should not be underestimated, according to 2N. The company, in partnership with global cybersecurity company Kaspersky, has published key advice to help building managers prevent cyber attacks.
The caution follows research from Kaspersky which found that the UK had the third highest rate of cyber attacks on smart building management systems across Europe. Over 40 per cent of smart buildings in the UK suffered at least one cyber attack on their systems. This includes attacks with different variants of spyware – malware aimed at stealing account credentials and other valuable information.
The use of smart technologies in buildings has become an integral part of everyday life, offering convenience and flexibility for users. From lifts to heating, from alarm systems to access control, the range of critical infrastructures connected to the network and communicating with each other and with smartphones and other IoT devices is increasing.
It is more important than ever that users are aware of any potential vulnerabilities that may exist in their systems to ensure appropriate security measures are in place. If managed intelligently using devices with high security standards, smart buildings are highly effective, with features that support energy efficiency measures and help reduce operational costs.
If these systems become compromised, the daily operations of the building and, consequently, its residents could be at risk. For example, physical and virtual attackers can use intercoms and access control devices to discover passwords, eavesdrop on unencrypted conversations and gain full access to data, applications and personal property to perpetrate ransomware and man-in-the-middle attacks, or even sneak into the building.
Smart intercoms are rapidly becoming an indispensable product for homes and offices across Europe. However, some of these devices could expose consumers to the risk of remote hacking attacks, leaving them vulnerable to cybersecurity breaches. Choosing a device that meets certain security standards is the first step to offering residents unassailable home security.
The advice includes selecting a reliable, bespoke security solution tailored specifically for ICS environments that keeps the network secure at all times, and creating an independent network dedicated exclusively to devices that handle sensitive information, as well as using the virtual LAN (VLAN) and ensuring manufacturers of installed devices or software use implementation protocols such as HTTPS, TLS, SIPS or SRTP by default.
The advice also recommends creating a separate network for IoT devices, choosing a strong password for the router, never installing new electronic devices without checking the manufacturer and security standards. Businesses are urged to create different accounts with different privileges: a user will only be able to make changes related to their specific tasks, while the administrator will be given greater privileges to manage the building and all linked accounts.
The advice also reminds users that installing the latest firmware version on devices is important to mitigate cybersecurity risks. Each new release fixes bugs found on the software by implementing the latest security patches.