
Smart Buildings Need Stronger Security to Prevent Risks

Summary

– 75% of organizations have building management systems (BMS) affected by known exploited vulnerabilities (KEVs), with 51% also linked to ransomware and insecure internet connections.
– Many BMS devices use legacy systems without encryption, default credentials, or outdated firmware, making them easy targets for attackers.
– Third-party access tools often lack security features like MFA, with over half of organizations using four or more remote access tools, increasing risk.
– BMS vulnerabilities pose significant risks to critical operations like HVAC, lighting, and security, especially in sectors like real estate, retail, and data centers.
– Organizations must prioritize securing BMS by adopting exposure management and integrating cybersecurity into digital transformation efforts to prevent disruptions.

Smart buildings are transforming modern infrastructure, but their security vulnerabilities pose serious risks that demand immediate attention. Recent research reveals that 75% of organizations have building management systems (BMS) exposed to known exploited vulnerabilities (KEVs), with over half of these systems also linked to ransomware threats. Alarmingly, 2% of critical operational devices operate at the highest risk level, leaving essential functions like HVAC, lighting, and security dangerously unprotected.

The problem stems from outdated infrastructure. Many BMS rely on legacy protocols lacking encryption, making them easy targets for cyberattacks. Hackers exploit weak spots like default credentials or unpatched firmware, often scanning for vulnerable devices using tools like Shodan. Worse, third-party vendors frequently bypass security measures, relying on unsecured remote access tools. Some organizations juggle as many as 16 different solutions, many without multi-factor authentication (MFA).

Unsupported devices compound the risk. Aging hardware no longer receives vendor updates, leaving gaping security holes. When these systems connect to the internet for remote management or analytics, they become low-hanging fruit for attackers. A single breach could cripple critical operations: imagine data centers losing cooling or supermarkets losing refrigeration due to a cyberattack.

Proactive exposure management is key to mitigating these threats. Organizations must prioritize risk assessment tailored to cyber-physical environments, identifying and securing high-risk devices before they’re exploited. As Grant Geyer of Claroty notes, efficiency gains from smart buildings mean little if security is an afterthought.

The solution lies in integrating cybersecurity into digital transformation strategies. By evaluating business impact and adopting actionable remediation plans, companies can safeguard operational continuity. A robust security framework must bridge the gap between technical teams and executives, ensuring risks are understood and addressed at every level. As buildings grow smarter, their defenses must evolve just as quickly.

(Source: Help Net Security)
