As the Internet of Things (IoT) becomes more widespread and siphons up more devices, one does have to wonder how much thought is being put into security.
A report by Kaspersky reveals that 26.5 percent of computers used to control smart building automation systems were subject to a malicious attack in the first half of this year.
The cybersecurity firm says that of the computers that were hit, 12 percent were attacked by spyware, 20.6 percent were infected with a worm and 5.9 percent encountered ransomware.
The majority of attacks came from the internet according to Kaspersky but removable media (flash drives, external hard drives, etc.) accounts for 17.6 percent of attacks. Emails and attachments account for 8.8 percent of the attacks.
“While these figures are relatively low in comparison to the wider threat landscape, their impact should not be underestimated. Imagine if credentials from a highly secured building are stolen by a generic piece of malware and then sold on the black market. Or a sophisticated building’s life support system is frozen because essential processes have been encrypted by yet another ransomware strain. The list of possible scenarios is endless,” says security researcher at Kaspersky, Kirill Kruglov.
The danger of having the computer controlling a smart building compromised is immense. Ventilation, climate controls, electricity and more are generally controlled by a computer connected to the internet and having that computer compromised can spell disaster.
For this reason it’s vital an IT team consider smart building systems when securing the walls.
Some of the precautions that should be taken include:
- Ensure smart building IT infrastructure is protected with a reliable security solution
- Conduct regular security audits of IT infrastructure to deal with vulnerabilities
- Provice up-to-date threat intelligence information to the IT team
“We urge security teams, whose area of responsibility covers IT networks of smart buildings, not to forget that they need protection. Even a basic solution will provide benefits and defend the organisation against potentially crippling attacks,” Kruglov concludes.[Image – CC 0 Pixabay]