Cybercrime isn’t just a plot device of the latest blockbuster or hit tv show. The FBI has teams and divisions across the country dedicated solely to investigating and stopping all sorts of cyber intrusions in the public and private sector. Unfortunately, it’s clear that the threats and attacks are going to keep coming, and your building automation systems (BAS) aren’t immune to the threat. Cyber criminals WILL find the security holes in your BAS. It’s simply a matter of time.

40 million The number of credit and debit card numbers thieves stole from Target between Nov. 27 and Dec. 15, 2013.
70 million – The number of records stolen that included the name, address, email address and phone number of Target shoppers in that same data breech.
0 – The number of people in Chief Information Security Officer (CISO) or Chief Security Officer (CSO) jobs at Target (according to the AP).

When you look at these numbers from the Target security breach, you probably pay no mind to them.  But what you should know is, the cyber criminals accessed Target’s network through a building automation system control that you probably have in your very building. What if I told you tech giant Google was hacked through their building automation system as well?  Two security researchers recently found that they could easily hack the building management system for the corporate giant's Wharf 7 Office overlooking the water in the Pyrmont section of Sydney, Australia.

Cyber Criminals are increasing in numbers and unfortunately our security measures aren’t keeping pace.  The total cost of cybercrime is expected to hit $6 trillion by 2021. This would make it the greatest transfer of economic wealth in history, becoming more profitable than the global trade of all major illegal drugs. But even with the evolution of technology, humans have now become the top target for cyber criminals, ahead of machines. Just over 51% of the world’s population currently uses the Internet, and this is expected to increase to 75% by 2022 and 90% by 2030.  Just take a look at this list of data breaches reported since 2010.

Health Care Systems Are Under Threat

What’s even scarier is the number of hospitals that are now coming under fire.  According to a report from HealthcareInfoSecurity the Department of Health and Human Services’ HIPPA breach portal have recorded 229 data breaches affecting 6.1 million individuals since the start of 2018. From that same source, here are the top 5 security breaches reported this past year alone:

1. West Des Moines, Iowa-based UnityPoint Health: 1,421,107 individuals affected in a hacking/IT incident

2. California Department of Developmental Services: 582,174 individuals affected in a theft incident

3. Bartlett, Tenn.-based MSK Group: 566,236 individuals affected in a hacking/IT incident

4. Baltimore-based LifeBridge Health: 538,127 individuals affected in a hacking/IT incident

5. SSM Health St. Mary's Hospital-Jefferson City (Mo.): 301,000 individuals affected in an improper disposal incident

Every once in a while, it’s out-of-date hardware that leaves your building automation system vulnerable, but more often than not, it comes down to human error.  Someone may have a password written on a sticky note with login credentials in an unsecured location, or they may fail to logout of their system.  I cannot overstate how important it is to have the BAS team trained and up to speed on how to keep your system more secure.  Stay tuned for part two of this post where I’ll share some detail on how to ensure your BAS controls are secure.