Why do facility managers need to take cyber threats more seriously and not leave it solely in the care of IT security providers? With IT security breaches on the rise, the facility management (FM) sector is at particular risk. This means that the ‘good enough’ approach needs to go.
While no organisation deliberately ignores security threats, relying on the security features of access points or other wireless infrastructure components is no longer sufficient, as they are incapable of detecting all types of threats across every channel.
For facility managers on a single site or managing multiple premises, with staff on-site and off-site sending confidential information over wireless infrastructure, any gap in security is a threat. Cyber security is increasingly becoming a greater threat to governments and businesses alike, with hackers becoming smarter every minute. With this in mind, the FM sector really does need to step up its game.
In 2014 alone, 42.8 million security incidents were detected globally. Security incidents are now so commonplace that, when compared with the growth of annual GDP and mobile phone growth, global security breaches are growing at double the rate at 48 percent. When considering that an estimated 71 percent of security compromises go undetected, the scale of the issue is put into sharp focus. Hacking attacks are becoming more sophisticated, security breaches and the potential damage they inflict are only getting worse and hackers are getting more confident. Now is the time for facility managers to take control before their IT systems become compromised.
Ramifications of data breaches
The financial ramifications of security breaches alone provide enough impetus to implement more stringent approaches to security monitoring. Financial impacts include decreased revenues, disruption of business systems and regulatory penalties, as well as erosion of customers.
Beyond the financial impacts, the effects of a security breach can include reputational damage, pirating of products, theft of business and manufacturing processes, and loss of plans such as merger and acquisition activity, and corporate strategy. Security breaches can completely bring a business down with one fell swoop.
Many FM organisations have the ‘good enough’ approach, which encompasses the ‘no one would be interested in stealing our information’ attitude. This attitude has got the better of some organisations that have faced a cyberattack. The pervasiveness of the problem isn’t going away and the ‘good enough’ approach just doesn’t cut it anymore.
Good enough no more
The ‘good enough’ approach presents several challenges including:
- Inadequate threat detection. Most access point security features perform only part-time scans of 44 standard Wi-Fi channels, when there are 201 non-standard extended channels where threats can hide.
- Lengthy threat update cycles. Access point solutions require firmware updates to respond to new threats, often taking months to release. They also require downtime to install, creating significant security gaps.
- Limited performance reporting. Many wireless security solutions provide only cryptic reporting that’s hard to decipher before taking action, increasing the burden on an already overloaded IT administrator.
- Minimal forensic analysis. It’s not enough to know a security breach has occurred. IT teams need detailed forensics to identify the root cause and eliminate it fast.
- Hidden monitoring gaps. Many wireless environments comprise multiple access point types and incompatible security features, creating holes in what the IT team believes is a comprehensive security system.
Five key IT security challenges for facility managers
- Multi-located workforce. FM staff are often on-site and the data they have to worry about is often their clients’ data. Therefore, ensuring data transfer over wireless networks is secure from prying eyes is essential.
- People. We often underestimate the power of people and human errors. Human errors and system problems are responsible for the vast majority of data breaches. Furthermore, FM companies often work with a vast number of clients and suppliers. It is critical that their IT systems are secure as well.
- Money transactions in the FM world. FM organisations often deal with contractors and pay them based on timesheets and analysis. If that information gets corrupted, they will have major issues with employees, clients and even banks.
- Systems. FM businesses often have their own systems and hand-held products. If a data breach happens and affects any of these, it becomes difficult to complete a job and could result in termination of a service level agreement.
- Health and safety. In the FM sector many staff are dealing in hard services such as engineering, an area where safety is critical for things to keep working. As technology is becoming intrinsic to much of this work, corrupted data could cause a raft of issues. For example, if a hacked device is saying that the electricity has been turned off when it hasn’t, making it seem safe to test wires, health and safety can be severely compromised.
Security practices must keep pace with constantly-evolving threats and security requirements. More importantly, IT security needs to be higher up on the business agenda for facility managers. A key part of this is the need for a dynamic response to wireless threats. As mobile data, mobile devices and security breaches continue their stratospheric climb, the ability to immediately identify all rogue wireless activities, regardless of network type, and enforce a ‘no-wireless’ zone is critical for organisations that deal with sensitive information, such as those in the FM sector.
The writer, Kenny Soutar, is ANZ Country Manager for Fluke Networks. Go to www.flukenetworks.com for more information.