Cyber-attacks… Be afraid, be very afraid!

It’s the dreaded phone call we all want to avoid

Your client calls… “We have been hacked. We think they got through via one of the IoT devices we specified… the CCTV system, the access control, or maybe the BMS… it’s a nightmare, we had to shut down our network. It is costing €5,000 an hour”.

It’s the dreaded phone call that could have PI implications and could damage reputations. Unfortunately, calls like that are happening daily. The Kedington Cyber Security team tell us that some cyber-attacks are easily fixed, but some attacks are not so easy to fix, as witnessed in the media recently. Thankfully, there are many steps you can take to protect your clients’ network and your reputation at the same time.

Unsecure data networks are unacceptable these days

Unfortunately, as 50 billion IoT devices come onto the LAN by 2025, hundreds of networks are not as secure as their owners think, and this is proving to be a very challenging area for Consulting Engineers. We have demonstrated that we can hack clients’ networks (with their permission), and clients are always shocked when we do so! Clients need solid advice on how to secure their networks, and M&E Consultants are in the firing line because they are specifying IoT products that hang off the clients’ network. But are the devices you specify protected from cyber-attacks? This is where gaps in security are appearing these days.

Buildings are continuously evolving and improving

Thermal efficiency, safety, space optimisation and flexible utilisation, carbon neutrality and of course, operational cost reduction are all major drivers for change in building design and operation these days. Smart Buildings are here to stay, but the technologies behind the ‘smart’ bring the need for connection to the LAN and therefore the need for Cyber Security.

These systems and services, and how they respond to the needs of the occupants, are evolving rapidly, and to do so they need to communicate with each other and with the outside world. Our simple approach is to put these devices onto a Secure Building Services LAN and LOCK IT DOWN!

Simply put – it is a given that these IoT products will be connected to the LAN, so why not connect them to a secure BSN (Building Services LAN)? Everyone we know in the IT world supports this approach. So please let us help you to specify a secure Building Services LAN to support all these IoT devices.

We are here to help. We know what the specification should say in order to secure the connection of the products you specify on the LAN. The growth of the Building Services Network (BSN) proves our point. We are just spreading the word, so no building gets left behind.

Every point of data entry to a building becomes a potential opening into the system, exposing your clients to significant potential risks. We all know how recent health systems were compromised and up to 2,000 different systems put at risk! Cyber criminals are nothing if not sophisticated.

In the same way you make sure every building has a fire alarm and an emergency lighting system, so too must it have a secure IT network. Network security must be an integral part of your design.

Now for the tech bit.

We could just suggest the minimum that needs to be done: a firewall with Unified Threat Management (UTM), appropriately configured for the systems deployed. The exact requirement will vary with whatever is on the BSN and what access (remote or on site) is required. Ideally, add an Access Control Solution such as ClearPass that enforces policies on who is allowed access, to what on the network, and from where.

Anti-virus software is also advisable for all devices that can run it: any servers connected to the BSN and any client devices, management PCs, etc. that connect to it.

Security is complicated and consists of multiple layers – a bit like an onion. But how many layers do you need? How much should you spend? That depends on the value of the resources you are protecting, and the potential operational, financial, and legal costs of not protecting them or being deprived of access to them. It also depends on how paranoid you are. Or, more importantly, how paranoid should you be?

A very important point not mentioned yet…

Proper security is not achieved at a “point in time”. It is a continuous process that needs on-going support, maintenance, and advice from people like Kedington. This is the service we provide to many clients, but not all consultants specify this service in their specifications, so we see security gaps arising. Network security can no longer be an overlay added after the network is built. That can leave gaps and you cannot afford gaps in your security.

As an example, the latest estimate of the costs of the HSE Security breach is approximately €500,000,000. Yes, half a billion €.

We know cyber criminals are coming for you and your client. It’s not a question of if, it’s a question of when. Let’s be ready together and have the necessary locks in place. Looking for a secure BSN?

Talk to Kedington to avoid being afraid, being very afraid!