Log4j rattled the infrastructure security world. Here’s how to prepare for the next security threat.

Since December, cybercriminals have made hundreds of thousands of attempts to exploit vulnerabilities in a little-known but virtually ubiquitous piece of software called Log4j. Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), called Log4j the “most serious” security flaw she’s seen in her career.

And it’s just the beginning. Cybersecurity agencies in the United States, Australia, and the United Kingdom have detected an increase in sophisticated ransomware attacks against “critical infrastructure” sectors, including airports, hospitals, and academic research facilities. The cyberwar accompanying Russia’s invasion of Ukraine could make matters worse. As state-sponsored hackers pump out a barrage of attacks to see what sticks, American businesses could get caught in the crossfire.

Security breaches have the potential to hit commercial real estate particularly hard. Real estate owners are increasingly recognizing the need to make their buildings “smart,” but as our buildings become more connected the risk of potential cyber threats increases. Just like a smartphone, the technology that makes a building smart requires regular software updates to patch evolving security threats.

Simply reacting to every new cybersecurity threat is a losing strategy. Building owners need more sustainable solutions to strengthen their cyber defenses. In a recent report, CISA highlighted a few immediate actions real estate owners can take to protect their buildings against cyberattacks:

1. Update operating systems and software.

In the wake of security breaches, IT departments often scramble to patch affected systems before hackers can exploit them. But the projected pace of cyberattacks won’t be rebuffed through diligent patching alone. For one, reactively patching thousands of affected devices across an entire real estate portfolio is a nightmare, leaving building owners and tenants exposed to cybersecurity threats for weeks.

Building administrators need to be able to proactively orchestrate updates and patches across an entire building portfolio simultaneously.

2. Secure and monitor remote desktop protocols.

Remote building access is often monitored on a building-by-building basis, and each property in a portfolio can have different networks, automation systems, and devices. Every day, building operators grant technicians from hundreds of third-party vendors access to these systems. In most cases, a building operator needs to be onsite—at a physical workstation—to initiate a third-party vendor’s access. There’s little governance around who is accessing a building’s operations network and when. Needless to say, this creates significant security concerns.

Property owners need a secure way to uniformly authenticate, manage, and audit who has access to building networks, connected devices, and software applications.

3. Adopt multi-factor authentication.

Because single-factor authentication, such as a lone password, is vulnerable to even the most amateur hackers, many companies have switched to two-factor authentication, which requires a second piece of information—often a phone number or separate email account—to access a system. But when it comes to cyber security, three is better than two (and four is better than three, and so on). Additional layers of protection can include physical tokens—a key fob or USB drive, for example—or even biometric identifiers such as a fingerprint, retinal scan, or voice recognition.

Building administrators should require multi-factor authentication for as many services as possible—particularly for email and accounts that access critical systems.

4. Regularly backup data.

It’s the oldest safeguard in the book. In the event of an attack, having a secure backup of a building’s data infrastructure will help safeguard continuity of operations and minimize potential downtime.

Building administrators should maintain an offline, encrypted backup of a building’s data. One good option is to maintain the backup in a native cloud (though, consider storing the backup’s encryption key somewhere else).

Be prepared for the next security threat with IoTium from View
IoTium’s easy-to-deploy solutions can facilitate all four of these actions, enabling building owners to quickly achieve enterprise-grade security and gain real-time visibility into their entire real estate portfolio. For more information, please visit: www.iotium.io or contact us below.