Connectivity and COVID-19 – why knowing your assets and risks is more crucial than ever

by FM Media
0 comment
connected cords in hardware port

Connectivity has allowed us to continue to operate during the pandemic, but it also greatly increases access points to invisible assets, meaning more risk.

Smart buildings have a lot of connectivity (a word you hear a lot these days). Essentially, everything (refrigeration, phones, lighting, lifts – everything) is connected to the internet. And that translates to risk. It means you need to protect your building on a cyber, as well as a physical, level.

This connectivity has increased many times over because of the COVID-19 pandemic. Sixty-four per cent of employees are able to work from home, according to the Gartner 2021 CIO Survey. Connectivity has allowed us to continue to operate. But it also greatly increases access points to previously invisible assets, and that means more risk.

It’s never been more important to exercise due diligence in protecting your assets. This is both in the context of acquisition of new assets and in the ongoing management of existing assets and the heightened risks associated with owning smarter buildings. This serves your interests of course, but the importance of doing so is reflected in upcoming legislation.

The Federal Government is making changes to the Security of Critical Infrastructure Act (2018), introducing a ‘positive security obligation’ requirement for industries in a broad range of sectors (communications, financial services and markets, data storage and processing, defence industry, higher education and research, energy, food and grocery, health care and medical, space technology, transport, and water and sewerage).

There are many ways to be vulnerable. One of the most prominent threats out there is ransomware, where malicious actors gain control of your data, encrypt it, and demand money to restore your access.

The Government’s Cyber Security Industry Advisory Committee says “ransomware has become one of the most immediate, highest impact cyber threats to Australia…

“Given the stakes are so high, organisations need to understand the risks and prepare accordingly, know what action to take in the event of a ransomware attack and have a clear understanding of their legal and regulatory obligations. To put it simply, organisations cannot afford to be complacent.”

Whether through phishing emails (‘Your parcel is awaiting delivery. Click here to verify your address and delivery details’), lack of vigilance when it comes to patching, leaving systems visible to unknown parties, or even left open for remote access by contractors or off-site staff, your building can be more open than you currently know.

Smart building connectivity means ransomware can affect not only your data, but also building management servers that control systems like, for example, lighting and HVAC. So, how do you mitigate this? By knowing what you have, how it’s connected, who has responsibility, and who has access.

You can protect your assets if you know your assets

Physical and virtual asset and services auditing is the first step in strategic asset management. The largest security gap is around knowledge. Once you’ve addressed that, you can start asking and answering the questions that will enable you to plug the rest.

For instance, can your lighting be controlled by someone externally? What are the operational and financial consequences of that happening? What about your lifts? Can a malicious actor gain control and trap people there? Can someone gain access to your CCTV cameras?

You may have had various contractors over the years managing different systems. Perhaps they didn’t leave you with handover details and passwords, or some of what’s been done is now out of date. Some systems may have disappeared from view altogether.

A thorough scoping audit requires detailed knowledge of cybersecurity and technology as well as the skills and expertise required to perform a traditional hard technical asset audit. Buildings are an interconnected web of systems, so it’s not enough to know cybersecurity intimately, or operational technology like the back of your hand. You must understand both.

The greatest cost is the one associated with doing nothing

Carrying unknown risk, taking a reactive approach to upkeep, and facing liability for future failure all come with dollar signs followed by numbers with many zeroes on the end.

However, budgets for cybersecurity in OT are still often much tighter than for IT. According to Nicholas Lianos, managing director of Grosvenor Engineering Group, organisations allocate up to 30 percent of their IT budget to cyber security, but rarely anything at all when it comes to building operating systems. That used to make sense because building systems were not previously connected to the internet.

The times – and buildings – are different now, but budgets have not caught up.

According to PwC, more than half of the executives they surveyed for their 2021 Global Digital Trust Insights report are not confident that their cybersecurity spending is in fact aligned with the risks they face. “Cyber budgets could – and should – link to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way, but 53 percent lack confidence that their current process does this,” says PwC.

So, cybersecurity for OT is just as essential as IT. However, given the scarce budgets and resources for cyber security in OT, efficiency to enable high return on investment is more critical than ever.

Grosvenor Engineering Group provides a unique marriage in the property industry – expertise in hard technical services and cybersecurity and virtual systems. When its teams perform a full audit, they do it all. They have the expertise and resources to audit all assets, physical and virtual. And they ensure you have ownership of and access to all the data (which is, after all, yours) in a meaningful way.

For more information about our strategic audit and management, contact 1300 255 247 or visit


Photo by Thomas Jensen on Unsplash

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More