Smart solutions can become a real headache for the owner, if such functions come under the control of a malign influence. An unexpected interruption of service – for example, ventilation and lighting stops working or the power goes out – is a nightmare for any office building, shopping mall or tenant space manager. Besides crippling everyday operations, a cyber attack can also do major damage to reputation. A recent survey conducted by Grant Thornton found that a majority of companies are afraid of precisely the latter consequence of a cyber attack.
Consequently, dealing with cyber security and data protection must be part of daily operating procedure for the management of companies that run an office building, much like analysis of financial reports. That’s unfortunately not the way it is in real life.
The study also revealed that less than 2/3 of companies (65%) have undertaken activities to map what sorts of data are collected in the company, but they don’t know:
A report from the State Information System Authority (RIA, see https://www.ria.ee/en/) notes that there were 9,135 cases where cyber security was impacted last year in Estonian computer and data communication networks. Of these, 2,248 – about one-fourth – were found to be cyber security incidents, meaning that the event had a direct impact on the confidentiality, integrity or availability of information or systems. The number of cases this year has grown. The question is no longer if we will be hit by a cyber attack – the question is when.
According to RIA, the most common cyber risks are malware transmitted by e-mail and spread by web domains, and infected and botnet-controlled devices in communication networks. Phishing and ransomware incidents have received greater public attention – the most recent major case involving the latter was in May, when WannaCry spread around the world. The WannaCry virus encrypted files on infected computers, and criminals demanded a ransom in exchange for the “key”. Considering that WannaCry managed to wreak havoc in 150 countries, including Estonia, it is evident that companies must do more to ensure the security of their information systems.
Cyber criminals look for the “door” of least resistance for breaking into companies and seizing control of data and systems. Sometimes this door is located in the supply chain – for instance, a building’s property management company’s IT system might have weak security, giving the criminals access to a company’s systems located in the building. This can come as a very unpleasant surprise for the building tenants who might have been under the impression that everything is fine in terms of security. Every property management company should thus ask themselves whether they have conducted a thorough IT security analysis and adopted appropriate measures to prevent cyber criminals from accessing their information systems. Every tenant who uses the servers, WiFi network and information systems provided by the lessor company should also ask themselves the same question.
Author: Siiri Antsmäe