Creative hackers – what building managers should be aware of

The risk of cyberattacks on buildings and property systems is increasing. As control and monitoring become centralized and accessible remotely, hackers find new opportunities to exploit vulnerabilities. Outdated equipment, forgotten devices, and even neighbouring buildings can be potential entry points. Here is what you should be aware of:
Maria Sotberg, Writer

Illustration of how data security is intertwined with all connected devices and computer systems and how that makes the potential for cyberattacks on buildings bigger and bigger.
Today's buildings have many digital entry points. Are you aware of them all?

"As control and readings become centralized and available remotely, the risks of external attacks also increase. That can lead to major consequences for tenants and property owners – but also everyone who does work in the building, including suppliers and partners of various kinds," says Jon Åkerström, CPO at Kiona.

"If we look at the number of integrated systems and installed equipment that a building has today compared to ten years ago, you quickly realize why they are a more attractive target for hackers than before. The amount of data will not decrease in the future either, rather the opposite."

Outdated or forgotten equipment can be a bigger security risk

Add to that the clear trend of integrating and connecting different systems, and that the aggregated ecosystem in real estate is getting bigger and bigger, which in turn means increased requirements for security in the platforms and products used. John-Helge Gantz, Information Security Manager at Kiona, explains that attacks can take many different forms and that hackers are very creative.

"In the ever-changing cybersecurity landscape, threats can manifest in the most unexpected and seemingly absurd ways, often taking organizations by surprise. Like water, they find the path of least resistance and exploit it. That's why cyberattacks often target, for example, outdated or forgotten equipment, or even nearby buildings that share a network or physical location with higher-value corporate targets," he says.

"For example, it's entirely possible for someone to break in and disconnect measuring equipment used to detect leaks in a building or raise the temperature of monitored refrigerated counters in grocery stores, resulting in significant food waste. This in itself may not be so dangerous, but it shines a light on the challenges that need to be addressed," John-Helge continues.

"It is important to remember that no security solution is stronger than its weakest link, which often happens to be us humans. The area where we see that the real estate industry has some way to go is traditional IT, such as network security and communication security."

IoT devices – a challenge for data security

He also highlights the growth of the Internet of Things (IoT) as a risk factor. Whether it's a seemingly innocent meter or someone's IoT lighting system, the potential consequences underscore a deeper problem.

IoT connected devices

IoT devices are everywhere, constantly transmitting data and "talking" with other devices. The number of Internet of Things (IoT) devices worldwide is forecast to almost double from 15.1 billion in 2020 to more than 29 billion IoT devices in 2030, according to statista.com.

"These devices, often perceived as harmless, inadvertently serve as potential entry points into interconnected networks. Maintaining the integrity of networks and infrastructure is a difficult task, as we face the growing challenge of protecting our increasingly interconnected world."

1. Network segmentation:

An essential part of improving cybersecurity is network segmentation: dividing a computer network into sub-networks, each of which is a network segment. The benefit of this split is that it limits an attack's impact, as a hacker can only access part of the network, not all of it.

2. Zero trust:

This security model assumes that no user or device should be trusted and requires authentication and authorization for all access.

3. Cloud security:

With the increased use of cloud services, organizations must address unique security challenges related to data breaches and unauthorized access.

Remember: We have Single Sign-On (SSO) between all our products, giving you a unified login and strengthened security.

4. Data privacy:

Regulations such as GDPR and CCPA emphasize the need to protect personal data. Property owners should establish data processing agreements (DPAs) with suppliers.

5. AI and ML:

These technologies can help identify security threats but also bring their own security risks.

6. Multi-factor authentication (MFA):

Implementing multi-factor authentication (MFA) is no guarantee of protection, but it provides an extra layer of security and reduces the likelihood of breaches due to human error and trust.

For us at Kiona, security is paramount. That's why MFA is integrated into all our solutions, making investing in our platforms safe. 

How to reduce the risks of a cyberattack:

  • Inventory your building infrastructure, including its networks and everything connected to them.
  • Set up procedures and policies that define responsibilities and roles, and what happens if different systems are attacked. Involve the IT organization in procedures and policies.
  • Work with network segmentation and Zero trust. Ensure that every user and device is authenticated and authorized for access.
  • Implement and utilize multi-factor authentication (MFA) where possible. It does not guarantee protection, but it provides an extra layer of security and reduces the likelihood of breaches due to human error and trust.
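
One way to check the inventory and segmentation steps above against each other, as an added example that is not from the original article or from Kiona's products. It flags inventoried devices that sit outside every planned segment, flags observed flows that cross segments without an explicit allow rule (default deny), and computes which segments are reachable from a compromised one. All segment names, addresses, ports, devices and flows are constructed for illustration.

```python
import ipaddress

# Constructed segmentation plan: segment name -> subnet (assumed addressing).
SEGMENTS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "hvac": "10.20.1.0/24", "metering": "10.20.2.0/24",
    "refrigeration": "10.20.3.0/24", "office_it": "10.20.10.0/24"}.items()}
# Default deny: only these (source segment, destination segment, port) are allowed.
ALLOWED = {("office_it", "hvac", 443), ("metering", "office_it", 8883)}
# Constructed inventory: device name -> IP address.
INVENTORY = {
    "ahu-controller-1": "10.20.1.10", "leak-sensor-gw": "10.20.2.5",
    "fridge-ctrl-3": "10.20.3.7", "bms-workstation": "10.20.10.20",
    "old-ip-camera": "192.168.0.44",  # forgotten device outside every segment
}
# Constructed observed flows: (source IP, destination IP, destination port).
FLOWS = [
    ("10.20.10.20", "10.20.1.10", 443),   # office_it -> hvac, allowed
    ("10.20.2.5", "10.20.10.20", 8883),   # metering -> office_it, allowed
    ("10.20.1.10", "10.20.1.11", 47808),  # inside the hvac segment
    ("10.20.3.7", "10.20.1.10", 502),     # refrigeration -> hvac, no rule
    ("192.168.0.44", "10.20.10.20", 22),  # unknown source -> office_it
]

def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), None)

def unsegmented_devices(inventory):
    # Devices whose address falls in no planned segment.
    return sorted(n for n, ip in inventory.items() if segment_of(ip) is None)

def violations(flows):
    # Cross-segment (or unknown-segment) flows without an explicit allow rule.
    out = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if (s is None or s != d) and (s, d, port) not in ALLOWED:
            out.append((src, dst, port, s, d))
    return out

def reachable_segments(start):
    # Segments reachable from `start` by chaining allowed flows.
    seen, todo = {start}, [start]
    while todo:
        cur = todo.pop()
        for s, d, _ in ALLOWED:
            if s == cur and d not in seen:
                seen.add(d)
                todo.append(d)
    return seen
```

With this constructed policy, a compromised refrigeration controller reaches only its own segment, while the metering segment can chain through office IT to HVAC, which is the kind of path a segmentation review should surface.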