Resilience and Cybersecurity: Putting Theory into Practice, Part 3

A resilient cybersecurity approach is key to thwarting hackers who want to penetrate building automation systems, as I discussed in the first and second installments of this three-part blog series. Applying a resilience lens to the ongoing cybersecurity battle requires some experimentation to understand the unique security environment of each building system. This method has led security experts to adopt a multi-tiered approach by blending the latest digital tools with human foresight.

Resilience Tactics Need to Continue Diversifying

As the number of connected devices within buildings continues to grow, hackers can count on more places and vectors to unleash malicious code and gain access to the various networks that are introduced when integrating devices and processes across enterprises. Thus, building resilience to cyber threats requires diverse security tactics and adding layers in response to the evolving Internet of Things (IoT) environment.

Redundancy Helps Minimize Security Gaps

The idea of only being as strong as the weakest link sums up the reasoning behind a multi-layered approach to cybersecurity. The individual strengths of each layer exist to cover gaps between various defenses. Derived from a military strategy meant to delay rather than prevent an attack, defense in depth, also known as layered security, provides redundancy to help minimize the exploitable loopholes from connected devices. A layered defense slows down hackers by creating one more barrier for adversaries to overcome. These layers can come in different forms of security technologies. Some of the most essential include:

• Firewalls to control and monitor network traffic. Trends in IoT and bring your own device increase the number of endpoints for hackers to gain access to corporate settings. A common first line of dense, firewalls protect networks by determining who or what is allowed access to a system’s network.
• End-user security trainings and tests to ensure staff is well trained to spot a phishing attempt. A strong cybersecurity plan can be rendered ineffective if IT staff and personnel aren’t properly trained. Basic trainings don’t have to be expensive. These can make the difference between a minor breach and a systemwide takedown.
• Web and email application firewalls to filter content and protect running applications. Most viruses occur by users clicking on a link in a phishing email or opening infected attachments. While end-user trainings are effective, it’s important to establish an automated filter to block such sites should users fall for these scams.
• Identity and access management solutions for authentication to ensure authorized access to sensitive data. These technologies identify, authenticate, and authorize both the individuals and the applications to use IT resources.
• Security information and event management solutions that analyze access data from connected systems or devices to detect anomalies or suspicious activities. Like firewalls, these services monitor and control network traffic, yet go one step further and provide real-time analysis of security alerts. These solutions provide insight into user information and are used to log security data for compliance purposes.

Mitigating Risk Is Key