Skip to main content

Advisory Note - Is Your Building Protected from Cyber Threats

Page 1

A Service to A.G. Coombs Group Clients

Is your Building Protected from Cyber Threats? Cyber security incidents reported against both government and private organisations continue to increase in both frequency and severity.

What are the Key Threats to Building Owners? The entry point into a building ecosystem is frequently not the end target of a cyber-attack.

• Building Services Technologies and networks are often

State-sponsored actors and criminals are attempting to exploit businesses by accessing sensitive information through increasingly sophisticated techniques. “Intelligent” Buildings are frequently connected to the Internet to enable operators to take advantage of key benefits such as remote monitoring, management and analytics. Building Services Technology platforms often provide entry points to other critical inter-connected business systems for these malicious actors.

• •

less scrutinized from a security perspective than other business technologies. Building Services Technologies and networks are considered “soft touch” entry points into Building ecosystems. With the uptake of converged networks combining multiple building services onto a single network, the implications are increased with the potential of multiple systems becoming compromised in the event of a cyber-attack.

The serious risks associated with insufficient cyber defences in commercial buildings are well understood.

YEAR IN REVIEW

Figure 1: Cyber security incidents by severity category for FY23-24 (total 1,129) Sustained disruption of essential systems and associated services

C6

C5

C6

C5

Extensive compromise

Isolated compromise C6

Coordinated low-level malicious attack

C6

Low-level malicious attack C6

Unsuccessful low-level malicious attack

Source: Australian Signals Directorate Annual Cyber Threat Report 2023-2024

1

C5

C6

1

C6

C4

6 57 1 81 13

C4

C5

C3

20 93 6

C5

C5

C6

53 20

C3

C3

C4

C4

C6

C1

15 75 6 60 70

C2

C3

C3

C4

1 46 7 95 360

C6

C6

Member(s) of the public

Small organisation(s)

Medium-sized organisation(s)

State government

Federal government

Sole traders

Schools

Academia/R&D

Local government

Large organisation(s)

Government shared services

Supply chain

C6

C1

C1

C2

C3

C3

C6

3 11 28

National security Systems of National Significance

Regulated critical infrastructure

ASD categorises each cyber security incident it responds to on a scale of Category 1 (C1), the most severe, to Category 6 (C6), the least severe. Cyber security incidents are categorised on severity of impact and significance of the organisation’s impact to Australia. In FY2023–24, there was a slight decrease in the number of extensive compromises, while the number of unsuccessful low-level malicious attacks increased by 10% compared with FY2022–23. There was also a 39% increase in isolated compromises this financial year.


Turn static files into dynamic content formats.

Create a flipbook
Advisory Note - Is Your Building Protected from Cyber Threats by agcoombs - Issuu