In the article “Smart buildings: What 'smart' really means”, Lecomte (2019) states that having certification with standardized metrics is fundamental for smart buildings to wholly emerge in the 'built environment'. Lecomte mentions that the lack of unanimity from various stakeholders has delayed the drafting of standardized rubrics. Hence, private and public sectors design their own metrics to assess smart buildings, but their rubrics vary from one another. However, current private and public metrics have been unsuccessful in tackling the complicated and expanding role that buildings will play in ‘smart cities’. Lecomte emphasises that one crucial component to be included in the standardized rubrics would be cyber risk management, as cyber threats ‘increase exponentially’ along with more advanced and integrated technology in smart buildings. Lecomte concludes that holistic and reliable 'smart building certifications and rubrics' will be the foundation of a 'functioning market for smart real estate'.
Although Lecomte has discussed the importance of incorporating cyber risk management in the rubrics, he fails to mention how cyber-attacks can affect operations, why companies keep quiet, and how to improve cyber risk management through case studies.
While more smart buildings are appearing all over the world, few people are aware of the cyber risks that grow along with the number of smart buildings. Equipping smart buildings with the proper security systems would help to minimise and even eliminate potential cyber risks. Lecomte cited Target's loss of 40 million debit and credit card records as a prime example of a cyber attack but fails to elaborate on how Target’s daily operations could be affected. In the article “Business interruption resurfaces as top business risk in Singapore”, Chan (2019) stated that “responders rank cyber as the business interruption trigger they fear most” as cyberattacks can result “in a disruption of operations and services costing hundreds of millions of dollars”. Chan (2019) also gave an example by listing a few companies which have suffered disruption to their logistics line. Marek Stanislawski, deputy global head of cyber, AGCS, is quoted as saying, “Cyber risk has been a major risk for a number of years but as with any new risk it has struggled with awareness”.
Cyber-attacks are causing damage to companies around the world, but only a small number of companies have come forward and disclosed the attacks. Lecomte cited Target as an example, quoting “ANREV reminds us that in 2013, hackers gained access to up to 40 million debit and credit card records”. In the article “Cyberattacks: Why Companies Keep Quiet”, Javers (2013) stated that most companies do not want to reveal the extent of damage due to “possibly scaring off potential or existing customers, damaging their stock value, or incurring potential legal liabilities.” Revealing it will help other companies to look at their cybersecurity systems and identify any loopholes. For example, according to the article “Uber Paid Hackers to Delete Stolen Data on 57 Million People”, Uber concealed for more than a year the fact that its consumer data had been stolen. “A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur.” However, Uber failed to do so on many occasions, such as in 2014, when it failed to disclose an earlier data breach, for which Uber was fined $20,000.
There should be more case studies on cyber breaches to explain how the security system was breached and identify how to mitigate it. Based on the original article, Target's data was “stolen from the company’s heat ventilation and air-conditioning operator”. In the article “SingHealth data breach probe reveals ‘blanket’ of basic failings”, SingHealth identified the problems they had in their cybersecurity. There was also a public report “detailing the attacker’s identity and methods” which could assist other companies in further enhancing their security systems. The report gave a "blow-by-blow account" of the events which led to SingHealth leaking the data of 1.5 million patients. The article also stated the aftermath of the cyber breach and what steps SingHealth has taken to resolve the issues identified.
To conclude, Lecomte briefly touched on the need to include cyber risk management as a key area of focus in standardised rubrics. Nevertheless, Lecomte did not elaborate on how cyber-attacks can affect operations or on the reasons why companies do not speak up about experiencing a cyber-attack. Furthermore, Lecomte mentioned that “such threats should be clearly identified, assessed and known” but fails to mention that this can be done through case studies.
Edited 7/10/2019
Chan, D. (2019, February 5). Business interruption resurfaces as top business risk in Singapore. Retrieved October 2019, from The Business Times: https://www.businesstimes.com.sg/companies-markets/business-interruption-resurfaces-as-top-business-risk-in-singapore
Lecomte, P. (2019, January 29). Smart buildings: What 'smart' really means. Retrieved September 2019, from The Business Times: https://www.businesstimes.com.sg/opinion/smart-buildings-what-smart-really-means
Newcomer, E. (2017, November 22). Uber paid hackers to delete stolen data on 57 million people. Retrieved October 2019, from Bloomberg: https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
SingHealth data breach probe reveals 'blanket' of basic failings. (2019, January 10). Retrieved October 2019, from The Business Times: https://www.businesstimes.com.sg/government-economy/singhealth-data-breach-probe-reveals-blanket-of-basic-failings
Javers, E. (2013, February 25). Cyberattacks: Why companies keep quiet. Retrieved October 2019, from CNBC: https://www.cnbc.com/id/100491610