Countering Threats

To Smart Buildings

By Joel Nelson on Oct 28, 2017 in News

A panel of corporate security experts held a recent Realcomm-hosted webinar to discuss strategies for managing cyberattacks to buildings that are increasing in frequency, sophistication and impact.

Don Goldstein, senior vice president of IT for CBRE, recounted how the “Not Petya” ransomware attack of June 2017 encrypted hundreds of thousands of computers around the world and shut down whole networks and systems for weeks.  With the damage still being added up, the initial $850 million economic cost estimate could rise.

“Not Petya hit all verticals, from nuclear plants and pharmaceutical firms to steel makers, consumer lenders and law firms,” Goldstein said.  Cautioning against disaster fatigue, he added, “We need to get people to think about and prepare for this type of event.”

Ryan Allbaugh, business initiatives consultant for Wells Fargo, said that because internet of things (IoT) connected devices don’t have traditional IT operating systems or antivirus and antimalware, cyberattacks are “no longer an IT problem, but an operational problem” for every part of the economy.

As we see more IoT connections, everything is vulnerable, from remote lighting control to elevator and video surveillance controls, Allbaugh noted.  “The challenge with IoT is that these systems often lack centralized visibility, and doing something as simple as getting a physical inventory can be a challenge,” especially with widely dispersed properties.  He outlined the National Institute of Standards and Technology Cybersecurity Framework, which offers guidance on assessing and improving prevention, detection and response to cyberattacks.

Lorie Wigle, general manager for Intel, noting that “one company can’t solve this on its own,” urged collaboration and information sharing among IoT participants.  “We need to have ongoing lifecycle security management services in place to continue to measure and detect compromises to components of end-to-end services,” she said.

Given that there’s “no silver bullet, no 100% security,” Ken Malcolmson, executive security advisor for Microsoft, recommended offending hackers’ business sensibilities by placing multilayered defenses across the attack chain, requiring attackers to devote prohibitive amounts of time, budget and attention to achieving their goals.

Referring to insurance, occupant harm, liability, compliance and other issues, Marc Petock, vice president of marketing for Lynxspring, a builder of IoT technology, focused on the business impact of cybersecurity.  Security boils down to two things for a company, he said: “How much risk are you willing to take, and how much will failure to be cybersecure cost you?”  With more than 4.6 million exposed building control devices in the U.S. alone, he said, “the value of making systems secure far outweighs the risk of not making them secure.”

Ron Victor, CEO and founder of secure network infrastructure company IoTium, advocated connecting buildings with a 100% “zero-touch” cloud-managed solution that requires no field work and bakes in security at every level from the ground up.

Yardi is experienced at keeping client data secure with cloud services that include data recovery, automatic encryption and the latest in intrusion prevention, security best practices and 24/7 systems monitoring.  Granular settings enable system administrators to create multiple levels of access for users.  “The cyber security world changes very quickly.  There is never a point at which you can say, ‘We are done and we can now focus on something else.’  At Yardi, we are constantly reviewing the components we need to deploy to keep our client data safe,” said Jay Shobe, vice president of technology.

Learn more about Yardi Cloud Security.