October is National Cybersecurity Awareness Month
“Do Your Part. #BeCyberSmart.”
Now in its 18th year, Cybersecurity Awareness Month, observed every October, continues to be a collaborative effort between government and industry to ensure both businesses and consumers are aware of the cybersecurity pitfalls and have the resources and knowledge to stay safer and more secure online.
When it comes to the built environment, cybersecurity is paramount. The importance of paying attention to cybersecurity in building management and operating systems can’t be overstated.
While we have spoken and written about it for several years now, and it’s front and center daily, do you think we (our industry) have taken it seriously, and are we taking it seriously yet? Is it part of regular and ongoing discussions related to managing and operating facilities and buildings?
As this is cybersecurity awareness month, here are some interesting things to keep in mind:
- A recent survey from Honeywell found that more than 1 in 4 (27%) respondents have experienced a cyber breach of their OT systems in the last 12 months. Further, more than 7 in 10 (71%) surveyed facility managers consider OT cybersecurity a concern or worry, yet only 44% currently have a cybersecurity solution in place today to protect their OT systems from potential threats.
- The proportion of attacks on operational technology (OT) systems nearly doubled between 2019 and 2020, from 16% to 28%, according to the recent Honeywell Industrial Cybersecurity USB Threat Report 2020. Critical threats (those potentially causing major disruptions) more than doubled, from 26% to 59%.
- The average cost of a data breach stands now at $4.24 million per incident, the highest in 17 years.
- According to the "Cost of a Data Breach Report 2021", companies that had a fully deployed security automation strategy saved money when dealing with a data breach. Such businesses saw an average cost of $2.9 million, while those with no automation in place had to spend $6.71 million to respond to a breach.
- Companies with an effective zero trust approach saw an average data breach cost of $3.28 million, $1.76 million lower than those that failed to adopt this strategy.
- Companies with an incident response team and response plans spent on average $3.25 million to deal with a data breach, whereas those without these measures were hit by an average cost of $5.71 million.
- The 2021 State of Malware Report from Malwarebytes found that cybercriminals are learning from the past to build smarter software and starting to modularize their products to make distribution easier.
- In a new report, titled "Do Banks Price Firms' Data Breaches?" the organization found that banks are punishing companies that lose customer financial account information or social security numbers through data breaches with substantially higher interest rates and steeper requirements for collateral and covenants (this also applies to insurance).
- According to one estimate, ransomware grew by a magnitude of 35 times last year, with the built environment being no exception. Cybersecurity Ventures’ latest prediction is that global ransomware damage costs will reach $20 billion by 2021 – which is 57 times more than it was in 2015. This makes ransomware the fastest growing type of cybercrime.
I think we all agree that cybersecurity within the built environment is challenging. What are the top challenges as you see them? Is it organizational culture and mindset? Could it be software, system, and application updates? Perhaps it is poor cyber hygiene when it comes to OT? Do mobile-based tenant apps represent a new risk? Does it possibly stem from the lack of the same type of policy framework that IT security strictly adheres to? Is it from the lack of an OT cybersecurity incident response plan?
Cybersecurity threats are an unfortunate reality within the built environment. Addressing them has never been more important than right now. Buildings and the systems that operate and manage them are cyber targets and part of the threat landscape. Improving cybersecurity controls and programs should be a priority for every organization because a successful system intrusion can lead to several issues that directly affect the organization, its business, and its occupants.