Nearly 75% of organizations’ building management systems (BMS) and building automation systems (BAS) have been affected by known exploited vulnerabilities (KEVs), according to new report from Claroty’s Team82.
“Oftentimes, BMS and BAS are being operationalized on the network without thinking about the cybersecurity implications,” says Grant Geyer, chief strategy officer at Claroty. “What’s being gained in efficiency and convenience might be coming at a real risk if not effectively secured. For instance, the cooling of data centers or refrigeration of perishable goods in retail, which are critical systems to abruptly be taken offline if compromised."
Key takeaways:
· 51% are affected by KEVs that are also linked to ransomware and are insecurely connected to the internet. Within those organizations, 2% of devices contain the same level of risk, meaning that devices essential to business operations are operating at the highest level of risk exposure.
· The exposure level of these devices provides adversaries with easily accessible entry points that leave the door open to costly and potentially dangerous disruptions.
· The findings in the report show the need for protection of these systems to be given greater priority, especially as they are brought online for operational and business reasons such as remote management and analytics.
