Innovations in Comfort, Efficiency, and Safety Solutions.
|Is your building cybersecure?
Data, privacy, the cloud and security in this age of hyper-connectivity
In late 2019, Alerton
hosted a conference for its partners in California. There, Eric O’Neill, a former
FBI counter-terrorism and counter-intelligence operative, spoke about
cybersecurity in our new age of smart technology and connectivity.
A question came from the audience: how do we
respond to a customer who doesn’t worry about maintaining their operating
system or securing the network, because they aren’t connected to the Internet?
O’Neill threw his head back and laughed. “If
they think it’s secure, it’s not secure.”
That’s the attitude we need today: a healthy
skepticism to fuel our cyber awareness.
We all know cyberattacks are a real threat in
today's hyper-connected world, but so many folks don’t realize just what that
entails. Unfortunately, cybersecurity techniques for traditional IT systems may
not work for connected Operational Technology (OT) systems, as the National Institute of Standards and Technology (NIST)
shared in a paper last year.
It’s a new decade, and technology’s advancing
whether we’re ready or not. We must catch up with the cybersecurity demands
What does cybersecurity look like today?
When it comes to cybersecurity, you can’t rest
on your laurels. It’s not a one-and-done process, and there are no
half-measures or shortcuts.
Cybersecurity’s a perpetual journey of
learning and refining and reiterating. Today, where hacks are commonplace and
take so many different forms, there’s no getting out of it.
Many attacks — malware, email phishing,
distributed denial of service (DDOS), ransomware and the like — capitalize on
our connectivity. The NIST cybersecurity framework is a tremendously
useful resource in guarding against those cyberattacks.
We shouldn’t discount the power of a
confidence trick or social hacking. They might seem more old-fashioned, but
they’re no less potent. There have also been cases where someone found
sensitive information on a slip of paper, or even went dumpster-diving to get
the credentials they needed to hack a system. If a hacker sees an opportunity —
whether it’s social, physical, or digital — they won’t hesitate to use it.
Cybersecurity’s an evolving concern, but one
tenet remains constant: we cannot take for granted that our system is secure.
We must expect the worst in order to prepare for it.
Why should I update my software?
Here’s an oxymoron for you: “My system’s
mission critical, so I can’t update
the operating system.”
That sentiment is oddly commonplace, and it
speaks to a real misunderstanding about the importance of software updates.
Companies don’t push software updates for the
heck of it. At the very least, software updates improve on the release that
came before for a better user experience. More critically, many software
updates address technical bugs and security vulnerabilities that might
otherwise keep your system from running properly.
The system being critical isn’t an excuse not to push updates. It’s the exact
reason to push them. The danger of
cyberattacks makes it even more important to maintain and update the system.
While we might think our systems are working just fine, vendors often get
feedback from different customers on cybersecurity flaws. By updating our
systems, we benefit from the result of many different “penetration tests” on
other users’ networks.
Of course, we all know that updating software
doesn’t always go smoothly. That’s why most large organizations don’t let
software updates get pushed automatically, as a standard policy. They vet the
updates first and ensure it won’t mess up the system before they deploy. They
still push those updates even if they’re a week or a month behind.
Dealers and integrators need to adopt that
process. Blend software screening into your workflows and ensure that updates
won’t affect the network before you push them out. Consider setting up a clone
of your customers’ systems to test software updates.
Can we trust the cloud?
It’s only in recent years that the perception
of the cloud has begun to change, and there’s a long way to go yet. Many people
still see the cloud as vulnerable and easily hacked but often the cloud is
actually more secure than anything
folks are doing on the ground.
Think about it: securing the cloud is Amazon,
Google, and Microsoft’s business.
They have to be far more diligent about their security than any corporate IT on
the ground because, if their cloud services aren’t secure, they’re defunct. That’s
why even the government has begun to adopt the cloud.
A few years ago, the U.S. government
established a program called FedRAMP, which “facilitates the shift from
insecure, tethered, tedious IT to secure, mobile, nimble, and quick IT.”
FedRAMP’s goal is to “promote the adoption of
secure cloud services across the Federal government by providing a standardized
approach to security and risk assessment.”
There are still lots of holdouts, but the
FedRAMP program indicates a real shift for the cloud. People are increasingly
placing their trust in the cloud, because they know Google, Amazon, and
Microsoft are the experts. From their software to their server rooms and data
centers, these companies take security seriously.
The question of securing data centers and
server rooms is significant because many of the biggest hacks in recent years
have actually been physical hacks,
where someone found a way in. Your own server room is less likely to have the
level of monitoring, physical security, and digital security that an
organization like Amazon or Google has.
Their facilities are locked down with cameras
everywhere. The moment someone adds a device to the network, they know. In
fact, they can ensure that no outside, unregistered computers can connect to
the network or system. They might even design the facilities so that the comms
room is kept separate from the data center, and anyone doing maintenance on the
comms room can’t access the data center.
The best of the best makes sure these cloud service companies deliver on their promise of security. How confident are you in your security systems?
Talk with experts about cybersecurity. Learn all you can about best practices and ways to safeguard your systems. And, approach cybersecurity with an attitude of humility: as Eric O’Neill so eloquently said, the moment you’re confident that your systems are secure, they aren’t.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]