“Before the IoT revolution, most buildings’ systems tended to be self-contained and therefore safe from hackers. This began to change with the introduction of remote management via permanently connected smart sensors. In the past, it was an afterthought. You get Norton 360 and then you move on”, says Nick Morgan, Information Security Manager at property investor Derwent London.
A new report from Memoori
The report from Memoori suggests that organisations are buying connected technology without properly considering the issue of cyber security, even though executives usually are well aware of the risks involved.
“We know that cyber attacks can lead to massive financial and reputational damage, but we still purchase and integrate vulnerable technology. The obvious conclusion to draw from these truths is that cyber security is not that important, at least not to purchasing decisions”, says James McHale, founder and CEO of Memoori.
All IoT devices are entry points
William Newton, president and MD of Wiredscore, a firm providing digital infrastructure certification for buildings, says:
“All IoT devices present possible entry points for hackers. Letting any one of these go unprotected is the digital equivalent of leaving a small window open downstairs when you leave the premises. Everything that’s linked to your network – from lighting to the CCTV system to the elevators – needs to be subject to the same stringent security protocols as databases containing confidential information.”
James McHale thinks that the smart buildings industry has created a paradise for hackers to steal information, maliciously control systems, and cripple entire networks, often with relative ease:
“How long can we blame our cyber security problems in buildings on the rapid proliferation of technology before we realise that we are the ones driving that digital transformation? How long can we complain about cyber-attacks when we are the ones installing the door and leaving it open”, he concludes.