BreachExchange mailing list archives

October Is Cybersecurity Awareness Month


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 16 Oct 2014 17:54:34 -0600

http://todaysfacilitymanager.com/2014/10/october-is-cybersecurity-awareness-month/

October is the 11th annual Cybersecurity Awareness Month. Yes, this is the
11th.

How many organizations still treat cybersecurity as they did 11 years ago?
How about five years ago? Or even a year ago? Shockingly, most companies
are still relying on outdated, only partially effective methods.

While buildings are smarter and more connected than ever before, when it
comes to cybersecurity, they are stuck in the 1980s. Today’s connected
business world means there are thousands of entry points in and out of
companies. It is impossible to miss the continued headlines on the latest
breaches and cyber-attacks. We have witnessed that BMS and EMS technology
have weaknesses, such as inadequate password protection, software that can
be breached, and various unmonitored/unprotected access points within the
network. Cyber-attacks today are more sophisticated and targeted than ever
before. The truth is that network security and the security of devices and
systems do not work as well as we thought.

Cybersecurity protection and defense prevention for building automation
systems and the operational technology that operate and manage our
facilities is now a necessity and should not be treated differently than an
IT network when it comes to cybersecurity. Just like an IT network,
building automation networks should have multiple layers of defense and
protection as well as policies and procedures that are continuously
addressed. In fact, cybersecurity should be an integral part of the design
of intelligent buildings and today’s building automation system and not an
afterthought; it has gone from a nice-to-have to a must-have.

When it comes to cybersecurity, there are three types of companies: (a)
those that have been hacked and admit it, (b) those that have been hacked
and don’t admit it, and (c) those that will soon be hacked.

As part of Cybersecurity Awareness Month, take time to examine the
cybersecurity posture of the systems, devices, and applications managing
and operating your buildings. Ask yourself and the people who manage and
operate them:

- Are we secure?
- How do we know we’re not compromised today?
- How would we know?
- What would we do about it if we were?
- Are we prepared to face the threat?
- Do we have a cybersecurity statement?
- How about the companies in our supply chain? Do they?

As you do, keep the following in mind:

- Understanding the issues, being informed, knowing what the implications
are, and engaging in dialogues about cyber security are critical.
- Cybersecurity is more than an information and data risk. It’s a bottom
line risk.
- The average total cost of an incident is now $3.5 million.
- Organizations that treat cybersecurity as a strategic issue perform better
than those that view it as a tactical one.
- There is a direct link between security and the business value of a
company.
- A negative cyber incident damages a business’s reputation. A business’s
reputation is a company’s most valuable asset.
- Think about cybersecurity in terms of reducing risk rather than in terms
of ROI.
- Inventory all your systems, devices, and applications and their cyber
protection.
- Treat every system and every device as critical; protect them.
- Build cybersecurity solutions and plan them into the front-end design.
- Vet the cybersecurity defenses of those you do business with; conduct
cybersecurity due diligence on vendors.

Cybersecurity is a shared responsibility among technology providers,
integrators/contractors, building owners and operators. Enlist facility
personnel, building owners and IT and get them to understand the business
risks associated with insufficient cybersecurity practices and weak
postures.

As part of the value chain, integrators and contractors, examine and review
your security practices within your organization and how they relate to your
customers. Also take the time to review all of your deployments and the
security of these installations to ensure the systems and networked devices
are properly protected. Integrate a cybersecurity strategy for the systems
and secure remote access to them with additional layers of defenses into
all new deployments.

Cyber threats against the building environment are real. There’s no issue
that’s become more important that’s less understood than cyber security in
buildings and facilities. Our building networks and systems are not immune
to cyber issues. The best way to approach cyber threats is to realize one
simple truth; it is not if an attack will happen; it is only when. It is
all of our responsibility to take an active role. Stay ahead of the curve.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
