Honeywell made some predictions on emerging trends that will shape cyber security for buildings next year. Honeywell Building Solutions’ cyber security professionals identified insights and expected changes resulting from more open, connected and smart building systems, and provided advice on how businesses can better safeguard valuable assets against cyber threats as their facilities digitally transform. Mirel Sehic, global director of Cybersecurity for Honeywell Building Solutions, recently led a LinkedIn Live broadcast in Brussels, where four key predictions for 2020 were highlighted.
1. Firstly, buildings will likely see an increase in cyber related threats as they become more connected, putting data, reputation and people at potentially greater risk.
According to Gartner, buildings will account for 81% of all connected things in 2020. Still, connected buildings often remain a less-guarded entry point and cyber security has not always been a primary focus when managing Operational Technology (OT). Research from Accenture shows that online intruders are increasingly seeking to exploit this weakness, as security breaches have increased by 65% in the last five years. Honeywell expects this trend will continue in the years ahead, causing serious disruption.
Sehic explains: “OT systems are, in some instances, being targeted to directly manipulate operations and as a bridge to IT data. For example, attacks on OT systems sometimes occur in hospitals and can lead to ransomware incidents, where staff are locked out of their computers. This can lead to issues such as delays in accessing patient files or even admitting patients, and when it takes 23 days on average to resolve a ransomware attack, this can be catastrophic.”
2. Cyber security for OT is expected to become a key safety and security metric for many businesses in 2020 as digitisation and the interconnectivity of systems potentially opens up new routes of access for cyber attacks.
As buildings become smarter, they generally produce more and more connected data, and therefore often attract more potential threats. In fact, a CEB study found that nearly 20% of organisations with IoT networks have experienced at least one IoT-related attack already. As businesses experience more attacks and the resulting damage caused, many will likely develop new and more robust strategies to keep pace. We expect to see more preventative measures in the coming year, such as training focused on addressing potential cyber threats in OT and on conducting cyber security assessments to identify gaps.
Sehic says: “Historically, we’ve often seen a serious lack of awareness and preparation around OT cyber security issues, but that’s starting to change. More attention and more budget is often being dedicated to furthering basic cyber hygiene upkeep and OT cyber security incident readiness – and we expect that to continue in 2020. But it’s typically not enough. Cyber security assessments must be carried out across a building’s OT infrastructure to identify gaps. Honeywell recently helped one of the world’s largest financial services institutions better safeguard its assets, which included multiple buildings and thousands of employees. The team performed vulnerability testing, deploying advanced strategies for cyber security and creating a methodology for data management to help prevent leakage of valuable digital information.”
3. Demand is expected to increase for a new type of security professional as OT and IT responsibilities often overlap.
By 2021, IoT security service spending will more than double to nearly $2.1 billion, according to Gartner. As cyber threats evolve and the demand for OT cyber security grows, the role of the security professional is often changing. OT and IT functions have been increasingly working together to prepare for and respond to cyber attacks, but in 2020 we will likely see more individual professionals with both OT and IT capabilities. These employees typically start their career in one function, but grow their skill set overtime as they gain more overarching security experience.
Sehic says: “We’ve seen a lot of employees take action and actively develop new and broader abilities. It is becoming increasingly common for IT cyber security professionals to learn more about OT, as well as traditional OT engineers wanting to find out more and grow their skill sets in cyber security. At Honeywell Building Solutions, we recognised this emerging need and have been fostering a learning environment to expand our talent and cyber security workforce. We believe the industry will soon follow.”
4. A global standard for cyber security is expected to become a top priority across industries.
2020 will likely bring a greater focus to standardisation for building cyber security, and we expect to see at least one framework emerge as a leading guide for securing a building’s OT system. “There are many different frameworks being discussed, making standardisation an ambitious prospect,” says Sehic. “The move toward standardisation will almost certainly gain traction globally in the year ahead. This year, Honeywell joined the Global Cybersecurity Alliance (GCA), created by the International Society of Automation (ISA), as a founding member to accelerate the development and adoption of cyber security standards.”
Sehic concludes: “2020 will very likely be a transformative year for building technology as businesses make bigger strides toward securing their OT systems against increased cyber threats. Having the right skill sets to combat the rise of threats is becoming increasingly more important.”