Friday, 23 August 2024 09:45

In-building IoT - the attack surface you're not thinking about (yet)

By Leon Poggioli, ANZ regional director, Claroty

GUEST OPINION: Organisations generally have a good handle on the security of their IT infrastructure, thanks to the hard work of their chief information security officers (CISOs). Operational technology (OT), on the other hand, can present security teams with many blind spots.

While CISOs have given greater attention to improving their OT cyber maturity in recent years, it can be extremely challenging to gain visibility over every connected asset, identify every cyber risk and take the necessary steps to remediate the most critical vulnerabilities.

An important area of cybersecurity that receives little attention from organisations is IoT, particularly as it relates to building management systems, or BMS. These systems consist of a diverse range of technologies that are critical for the safe and secure operation of a facility, such as a hospital or manufacturing facility. BMS includes door access systems, heating, ventilation, and air conditioning (HVAC), closed-circuit television (CCTV), fire safety panels, and other systems.

The reality is many of these systems were installed when the building was originally constructed, which could be decades ago. Therefore, this technology is very unlikely to have been deployed with cybersecurity in mind, nor kept up to date with critical security patches.

Alternatively, the BMS may have been installed or upgraded as part of a more recent renovation, which likely results in a mixture of legacy and newer technologies from different third parties, who are only responsible for securing their specialty product. This creates an unnecessarily complex and messy environment for security teams to monitor and fix if a vulnerability arises.

As a result, many organisations with building management systems, such as property trusts and large retail organisations, have an unaddressed blind spot when it comes to their cybersecurity. What vulnerabilities exist in these systems? What other corporate networks are they connected to? What could be the impact on their tenants and customers if these assets were to suffer a major cyberattack? 

The consequences of a cyber breach on a BMS can be significant: it could lead to unauthorised physical entry into the building, an inability to access certain parts of the building or physical discomfort to people inside the building, for example, if the interior was too hot or too cold.

When addressing these blind spots, the first question CISOs typically ask is, “Where do I start?” The first step is assessing the attack surface by completing a full asset and network inventory. This helps CISOs understand what connected assets even exist in a building in the first place, how they are connected to one another, and what external connectivity leaves the door open for attackers to manipulate building infrastructure.

From there, organisations will be able to understand the highest priority risks in their BMS for the first time and use this intel to take focused action on the most critical ones. This process enables organisations to demonstrate a measured risk reduction in their BMS infrastructure and be equipped to respond to cyber incidents that occur within the BMS, no matter whether they start internally or externally.
