Tuesday, October 15, 2019

[Draft 3] Summary_Reader_Response: "Smart Buildings: What ‘smart' really means"

In the article “Smart buildings: What 'smart' really means”, Lecomte (2019) states that having certification with standardized metrics is fundamental for smart buildings to wholly emerge in the 'built environment'. Lecomte mentions that the lack of unanimity among various stakeholders has delayed the drafting of standardized rubrics. Hence, the private and public sectors design their own metrics to assess smart buildings, but their rubrics vary from one another. However, current private and public metrics have been unsuccessful in tackling the complicated and expanding role that buildings will play in “smart cities”. Lecomte emphasises that one crucial component to be included in the standardized rubrics would be cyber risk management, as cyber threats “increase exponentially” along with more advanced and integrated technology in smart buildings. Lecomte concludes that holistic and reliable “smart building certifications and rubrics” will be the foundation of a “functioning market for smart real estate”.

Although Lecomte has discussed the importance of incorporating cyber risk management in the rubrics, he fails to mention how cyber-attacks can affect operations, why companies keep quiet and how to improve cyber risk management through a case study. 

While more smart buildings are popping up all around the world, few people know how building operations can be affected as the number of smart buildings increases. Lecomte cited Target losing 40 million debit and credit card records as a prime example of a cyber-attack but failed to elaborate on how Target’s daily operations could be affected. Customers could be less willing to spend at Target for fear of their card records being stolen. Equipping smart buildings with the proper security systems would help to minimise and even eliminate potential cyber risks. Related to customers’ hesitation to spend at Target is the idea that businesses can also be disrupted on the management side. Chan (2019) stated that “responders rank cyber as the business interruption trigger they fear most” as cyberattacks can result “in a disruption of operations and services costing hundreds of millions of dollars”. Cyber-attacks are a growing concern to many companies as they may affect their day-to-day operations. Marek Stanislawski, deputy global head of cyber, AGCS, said, “Cyber risk has been a major risk for a number of years but as with any new risk it has struggled with awareness”. Although cyber risk has been a major concern, few companies have considered it a major business interruption that can cause them major financial losses.

Cyber-attacks are causing damage to companies around the world, but only a small number of companies have come forward and disclosed the attacks. Lecomte listed Target as an example, quoting “ANREV reminds us that in 2013, hackers gained access to up to 40 million debit and credit card records”. It was another source that disclosed that Target’s security was breached, which could further tarnish Target’s public image and cause consumers to lose trust in them. Javers (2013) stated that most companies do not want to reveal the extent of the damage due to “possibly scaring off potential or existing customers, damaging their stock value, or incurring potential legal liabilities.” Disclosing the fact that the security system was breached is bad publicity, which can negatively impact the company in many ways. Revealing it will help other companies to look at their cybersecurity systems and identify if there are any loopholes. According to Newcomer (2017), Uber concealed for more than a year the fact that their consumer data was stolen. This may give Uber’s customers the perception that the company lacks integrity, causing it to lose customers. “A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur”, but Uber failed to do so on many occasions, such as in 2014 for failing to disclose an earlier data breach, for which Uber was fined $20,000. Even with laws in place to make companies report breaches, companies still bypass the law as the disadvantages of reporting outweigh the advantages.

Although Lecomte’s article discussed many aspects of cyber risk management, he failed to give a case study. There should have been a case study about the cyber breach to explain how the security system was breached and identify how to mitigate it. Based on the original article, Target data was “stolen from the company’s heat ventilation and air-conditioning operator”. It shows how easily data can be stolen if the system is missing the appropriate security. In the article “SingHealth data breach probe reveals ‘blanket’ of basic failings”, SingHealth identified the problems they had in their cybersecurity. Although SingHealth failed to stop the breach, their transparency about the breach will regain the patients’ trust. There was also a public report “detailing the attacker’s identity and methods” which could assist other companies to further enhance their security systems. Knowing how the breach occurred can help other companies to enhance their existing systems. The report gave a "blow-by-blow account" of how SingHealth leaked the data of 1.5 million patients. With a fully detailed report on how SingHealth was breached, it could help other companies to identify if there are any gaps in their existing systems. The article also stated the aftermath of the cyber breach and what steps SingHealth has taken to resolve the issues identified. With proper business recovery plans in place, this could help safeguard the company’s reputation and develop confidence within the business.

To conclude, Lecomte briefly touched on the need to include cyber risk management as a key area of focus in a standardised rubric. Nevertheless, he did not elaborate on how cyber-attacks can affect operations or on the reason why companies do not speak up about experiencing a cyber-attack. Furthermore, he mentioned “such threats should be clearly identified, assessed and known” but fails to mention that this can be done through case studies. With the increasing number of smart buildings, there is really a need to look at cyber risk management. Smart buildings are the way to the future, and stakeholders in the facilities management industry, such as engineers, contractors and developers, must look at cyber risk management.

Chan, D. (2019, February 5). Business interruption resurfaces as top business risk in Singapore. Retrieved October 2019, from The Business Times: https://www.businesstimes.com.sg/companies-markets/business-interruption-resurfaces-as-top-business-risk-in-singapore
Lecomte, P. (2019, January 29). Smart buildings: What 'smart' really means. Retrieved September 2019, from The Business Times: https://www.businesstimes.com.sg/opinion/smart-buildings-what-smart-really-means
Newcomer, E. (2017, November 22). Uber paid hackers to delete stolen data on 57 million people. Retrieved October 2019, from Bloomberg: https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
SingHealth data breach probe reveals 'blanket' of basic failings. (2019, January 10). Retrieved October 2019, from The Business Times: https://www.businesstimes.com.sg/government-economy/singhealth-data-breach-probe-reveals-blanket-of-basic-failings
Javers, E. (2013, February 25). Cyberattacks: Why companies keep quiet. Retrieved October 2019, from CNBC: https://www.cnbc.com/id/100491610



