The recent cyber attacks of the NHS and other organisations around the world has once again trained the spotlight on cyber security. Insurance broker Premier BusinessCare runs through some dos and don’ts around smart technology in buildings.
In a recent survey, the Electrical Contractors’ Association (ECA) found that four in 10 buildings are at major risk from cyber attacks. The same study found that “Internet of Things” technology, such as smart boilers, radiators, lighting systems and entry systems – all connected to the internet – are providing a gateway to hackers.
As these smart systems are installed more frequently in buildings, it is likely hacking and exploitation will grow at a similar rate.
Smart technology is a growing threat to home and office security, say leading cyber security experts.
One high-profile incident which shows the vulnerability of devices reliant on mobile internet involving smart technology involved car manufacturer Chrysler. Its self-driving cars had their brakes disabled by hackers due to their lack of adequate security software.
One common way hackers are gaining unsolicited entry to data is through what’s known as a DDoS (Distributed Denial of Service) attack. DDoS attacks focus on disrupting a service to a network by overloading it with traffic, potentially causing it to crash. This leaves the door open for hackers to gain entry or demand payment to stop the attack.
One recent DDoS attack occurred in October 2016. Hackers used internet-connected smart home devices, such as CCTV cameras and printers, to form “botnets” (huge groups of connected hacked devices) to bring down popular websites such as Twitter, Spotify and Reddit.
Read related articles
Is BIM a security threat to the built environment?
Can we collaborate on cyber security?
Security of data under BS 1192-4:2014
Robert Hadfield, of getsafeonline.org, says there are two ways users can protect themselves from DDoS attacks. The first is to monitor network traffic regularly, which will help indicate any unusual activity and can block attacks that are in progress.
The second is having a recovery plan and using “an external provider or a back-up system to host your network so that you can still trade and appear online whilst the problem is being fixed”.
Although difficult to detect, the general rule of thumb for cyber security is to stop intruders before they have started. “Prevention is the answer,” says Hadfield. His top three preventative methods are:
- Encrypting data.
- Making sure installations are protected with complex usernames and passwords.
- Ensuring cyber protection software is properly updated and regularly checked.
“Software updates stay in line with current threats online, so make sure that you update them as soon as you are prompted.”
“Aligning with software updates is especially important when installing smart technology in buildings.”
Another concern for homeowners and businesses is just how devious cybercrime has become. Dr Jessica Barker of cyber security consultancy firm, J L Barker Ltd, says: “From an attacker’s point of view, artificial intelligence represents an opportunity. For example, with the potential for malware that learns about the victim’s environment and evolves to evade defences and detection.”
Lee Munson, security researcher at comparitech.com, refers to this clandestine approach as “creative criminality”.
While the cybercrime debate continues, what’s clear is safety standards need to be introduced to prevent smart technology opening the floodgates to hackers.
To protect both your business and your clients, it is vital to get it right first time when installing smart technology into buildings. Care must be taken to ensure the technology is properly secured and can be updated regularly after installation – otherwise it is easy to envisage a situation where a construction company could be held liable for a cyber attack on a company via the smart technology integrated into the build.
Image: Elnur/Dreamstime.com