Protecting Smart Buildings from Cyber Attacks
IP access control solutions provider 2N is marking cyber security month with guidance on protecting smart buildings from potentially crippling cyber attacks.
The importance of robust safeguards and high security standards to protect smart buildings and critical data from potential crippling attacks should not be underestimated, according to 2N, the global leader in IP access control systems. To mark cybersecurity month, 2N, in partnership with global cyber security company Kaspersky, has published key advice to help consumers and building managers prevent cyber-attacks.
The caution follows research from Kaspersky which found that the UK had the third highest rate of cyber-attacks on smart building management systems across Europe. Over 40% of smart buildings in the UK suffered at least one cyber-attack on their systems. This includes attacks with different variants of spyware – malware aimed at stealing account credentials and other valuable information.
The use of smart technologies in buildings has become an integral part of everyday life, offering convenience and flexibility for users. From lifts to heating, from alarm systems to access control, the range of critical infrastructures connected to the network and communicating with each other and with smartphones and other IoT devices is increasing.
It is more important than ever that users are aware of any potential vulnerabilities that may exist in their systems to ensure appropriate security measures are in place. If managed intelligently using devices with high security standards smart buildings are highly effective, with features that support energy efficiency measures and help reduce operational costs.
If these systems become compromised, the daily operations of the building and, consequently, its residents could be at risk. For example, physical and virtual attackers can use intercoms and access control devices to discover passwords, “eavesdrop” on unencrypted conversations and gain full access to data, applications and personal property to perpetrate ransomware and man-in-the-middle attacks, or even sneak into the building.
2N's Chief Product Officer Tomáš Vystavěl, says: "Smart intercoms are rapidly becoming an indispensable product for homes and offices across Europe. However, some of these devices could expose consumers to the risk of remote hacking attacks, leaving them vulnerable to cybersecurity breaches. Choosing a device that meets certain security standards is the first step to offering residents unassailable home security."
The advice from 2N and Kaspersky on how to protect smart buildings, critical data and security from hackers and intruders includes:
- Choose a reliable, bespoke security solution tailored specifically for ICS environments that keeps your network secure at all times.
- Create an independent network - dedicated exclusively to devices that handle sensitive information; using the virtual LAN (VLAN) and ensure that manufacturers of installed devices or software use implementation protocols such as HTTPS, TLS, SIPS or SRTP by default.
- Protect the IoT ecosystem: create a separate network for IoT devices, choose a strong password for the router, never install new electronic devices without checking the manufacturer and security standards.
- Create different accounts with different privileges: a user will only be able to make changes related to their specific tasks, while the administrator will be given greater privileges to manage the building and all linked accounts.
- Update the software regularly: installing the latest firmware version on devices is important to mitigate cybersecurity risks. Each new release fixes bugs found on the software by implementing the latest security patches.
- Use strong complex passwords of at least six characters and consisting of a combination of numbers, letters and symbols.
- Conduct regular security audits of the IT infrastructure to identify and eliminate possible vulnerabilities.
- Train the security team responsible for protecting the building's IT infrastructure on the most common threats and how to address them.