Lynxspring

Lynxspring Technology Blog

October is National Cybersecurity Awareness Month

Here is my annual reminder: October is National Cybersecurity Awareness Month (NCSAM).

Held every October and now in its 17th year, NCSAM is a collaborative effort between both government and industry entities to raise awareness about the importance of cybersecurity. This year’s theme is: “Do Your Part. #BeCyberSmart.”

Nowhere is this more important now than within the built environment. Buildings and the systems that operate and manage them are cyber targets and part of the threat landscape. Improving cybersecurity control and programs should be a priority for every organization because a successful system intrusion can lead to a number of issues that directly affect the organization, its business, and its occupants.

As this is cybersecurity awareness month, here are some of the latest things to note:

Attacks Against Building Automation, Oil and Gas Industries Up in First Half of 2020

According to Kaspersky research, over the first six months of 2020, the percent of systems attacked in the building automation industries increased when compared to H1 and H2 2019. The percentage of ICS computers on which malicious objects were blocked grew from 38% in H2 2019 to 39.9% in H1 2020 in the building automation industry.

https://www.darkreading.com/attacks-breaches/attacks-against-building-automation-oil-and-gas-industries-up-in-first-half-of-2020/d/d-id/1339005

First Ransomware-Related Death Reported in Germany After an Attack Paralyzes Hospital

A woman seeking urgent care died this week after an apparent bungled ransomware attack took down a major hospital in Germany, thus forcing paramedics to rush her to another city for treatment, according to several news outlets.

https://gizmodo.com/first-ransomware-related-death-reported-in-germany-afte-1845118584

United States House of Representatives Approves Bill to Secure Internet-Connected Federal Devices Against Cyber Threats

The United States House of Representatives passed legislation to improve the security of federal internet-connected devices, with the bill garnering bipartisan support. The Internet of Things (IoT) Cybersecurity Improvement Act, requires all internet-connected devices purchased by the federal government - including computers, mobile devices and other products with the ability to connect to the internet - to comply with minimum security recommendations issued by the National Institute of Standards and Technology. The legislation also requires private sector groups providing devices to the federal government to notify agencies if the internet-connected device has a vulnerability that could leave the government open to attacks. 

https://thehill-com.cdn.ampproject.org/c/s/thehill.com/policy/cybersecurity/516373-house-approves-bill-to-secure-internet-connected-federal-devices-against?amp

Sobering Data

Sobering data from my friend Fred Gordy especially when you consider the U.S. has over 40% of these devices exposed compared to China where only 8% of the devices are exposed.

https://www.linkedin.com/pulse/top-50-us-canadian-cities-exposed-building-system-devices-fred-gordy/?trackingId=5Zl6XXvouYThJfB4qFUnLA%3D%3D

A Look at Some Numbers

2019 saw a 2000% increase in incidents targeting building systems (IBM’s X-Force Threat Intelligence).

There has been a 10X-increase in ransom paid this year over last year to a new average of $309,539.

The global average cost of a data breach has grown by 12% in the last five years to $3.92 million.

The United States had the highest cost at $8.19 million.

The FBI Internet Crime Complaint Center have seen cases roughly quadruple since COVID-19 before the pandemic—1,000/day initially; post pandemic—4,000/day.

A Kaspersky report analyzed 40,000 smart buildings worldwide and found that nearly 4 in 10 (37.8%) of these buildings had been affected by a malicious cyberattack.

5% is the average stock price drop of a public company immediately following the disclosure of a cyber incident

$6 trillion is the projected annual cyber damages costs by 2021.

So, during this month, ask yourself:

Are we secure?

How do we know if we have been compromised?

What is our strategy if we have been compromised?

Are we prepared to face a new threat?

“Do Your Part. #BeCyberSmart.”