Dated building management systems introduce new layer of cyber risk – report
Dated and insecure building management and automation systems are exposing corporate networks to malware according to an international report from Team82, the threat research arm of cyber-physical systems protection company Claroty.
An analysis of nearly half a million building management systems across more than 500 organisations, found 75% were affected by known exploited vulnerabilities, half of which were affected by vulnerabilities linked to ransomware.
This raises alarms given the widespread reliance on building management systems in commercial property, retail, hospitality, and data centre facilities to operate systems like lighting, energy, elevators, security, and more. The exposure level of these devices provides adversaries with easily accessible entry points that leave the door open to costly and potentially dangerous disruptions.
“Oftentimes, BMS [building management systems] and BAS [building automation systems] are being operationalised on the network without thinking about the cyber security implications,” said Grant Geyer, chief strategy officer at Claroty. “What’s being gained in efficiency and convenience might be coming at a real risk if not effectively secured – for instance, the cooling of data centres or refrigeration of perishable goods in retail, which are critical systems to abruptly be taken offline if compromised.”
The report added that organisations needed to adopt a security framework that presents cyber security decision-makers and asset owners with a true assessment of their security posture, as well as a remediation plan tailored for action by risk management teams and understandable by executives.
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers