Cybersecurity Threats Remain a Concern for Global Corporations

Cybersecurity risks remain a persistent threat for global corporations, and the outlook for 2021 continues to be gloomy. That is the upshot of a new survey published by Trend Micro, which found that almost one-quarter (23%) of respondents said their firms suffered seven or more attacks penetrating their networks or systems in 2020.

Most of the respondents (83%) said the chances of cyberattacks being successful in the next 12 months are “somewhat” to “very” likely. The Trend Micro survey, which was conducted in conjunction with Ponemon Institute, supports the Cyber Risk Index, a measurement tool aimed at assessing a company’s ability or readiness to respond to various types of cyberattacks. The latest survey results are based on answers supplied by nearly 2,800 IT managers and practitioners from the US, Europe, and the Asia Pacific.

Automated Buildings Are Particularly at Risk

For facilities managers, the survey’s message underscores a threat that they are all too familiar with. Max Gilg, a senior digital executive at Tripwire, notes automated buildings are particularly vulnerable: “Every system and individual device, and even each version and revision of every system or device, has its own specific and often unique cyber risks.”

His words ring true in the wake of a separate report from Forescout Technologies that identified vulnerabilities in widely used software found in millions of connected IoT devices. These flaws could be exploited by hackers seeking to penetrate and cause harm to business and home networks. While there is no evidence of hackers having exploited the vulnerabilities, called AMNESIA:33, the potential threat to such devices did prompt the US Cybersecurity & Infrastructure Security Agency to issue an advisory on the matter.

Devices that could be affected by AMNESIA:33 are built by some 150 manufacturers according to Forescout and include network switches, environmental sensors, security cameras, smart printers, self-checkout kiosks, badge fob readers, radio-frequency identification asset trackers, and uninterruptible power supplies, to name a few. The potential problems could compromise a device and enable a hacker to execute malicious code, perform denial-of-service attacks, or steal sensitive data.

Stakeholders and Leaders Need to Protect Their Networks

Not only are business and home networks vulnerable to cybersecurity threats—so are government agencies. It was recently revealed that the US Department of the Treasury and Department of Commerce had been penetrated by foreign governments. The months-long hack began as early as March 2020 and involved a common software product used by thousands of organizations.

Facilities managers, like so many other corporate managers, need to stay vigilant in the fight to protect buildings, assets, and people. In the long march toward digital transformation, connected devices are still too easy to penetrate. Facilities managers and tenants need to press device manufacturers and network system providers for higher levels of security. If stronger steps are not taken to secure devices and systems, the number of successful attacks will only increase. Industry stakeholders must do a better job and stop paying only lip service to the dangers. For more on this topic, see Guidehouse Insights' blog, “Ransomware Threat to Critical Infrastructure Is a New Priority.”