Corporate laptops, smartphones, desktops—InfoSec is top of mind. But what about non-IT systems?
Companies secure traditional IT equipment, but may overlook networked devices. There are a significant number of networked devices outside the typical IT ecosystem. Intelligent building management systems—like HVAC, lighting controls, irrigation and security cameras—are integrated through common and open data communication protocols and hardware. These systems are vulnerable to cyberattacks or unauthorized use. Left unchecked, facilities remain exposed to a host of cyber threats. Risky.
To address this risk, corporations need to truly understand the types of equipment in their environment, and how to secure them. One of the largest banks in the nation wanted to be at the forefront of mitigation to best serve and protect their customers.
With over 8,000 North America locations—from standalone ATMs to embedded branches within grocery stores to larger retail locations—this would be no small feat. They needed an all-in partner with the geographic footprint and technical expertise to validate their properties. Each location needed to be skillfully assessed for any vulnerability. We gladly answered the call. Partnering with this valued client, over 12 weeks we thoroughly site assessed, collecting mission-critical data across their North American footprint.
We got to work. We stood up a Command Center to mobilize a team of site contacts and building engineers, and to run an aggressive assessment schedule. Serving as both repository and QA check, our Command Center delivered a runbook for how on-site teams would capture, validate and report out intelligent building management systems findings. Location by location.
What did we find? Smaller locations were less at risk; it was the larger retail locations that raised substantial red flags. Our client’s network equipment supported more than 2,500 large retail bank locations and required swift remediation to prevent the risk of unauthorized access.
Our risk mitigation remedy? An updated network design that deciphers intelligent building management systems from corporate IT assets—installing glad-tight protections and security. With these systems secured on a separate network, unauthorized use or attack on a building system no longer poses risk to their corporate infrastructure. Added bonus, our building systems security solutions complied with our client’s standard corporate IT policies.
The proposition—assess 8,000 sites across the country in just 12 weeks. Logistics firepower—local delivery coupled with optimized, on-the-ground teams. Streamlined execution and major security gains delivered, even during the height of the program, when we conducted about 200 site surveys a day.
In addition to the massive logistical undertaking, our technology experts—immersed in security, networking and smart buildings—worked lock step with the client’s other third-party integrators to develop, implement and improve both the site assessment runbooks and segmented network design.
Synergy. Reliability. Performance. Efficiency. All driven through the power of true partnership.
No news is good news when it comes to risk mitigation. By completing the assessments and remediation, our client’s building management systems are at significantly reduced risk and vulnerability. They’re better positioned to prevent major breaches from happening. Risks to employee safety and productivity to brand reputation, mitigated. Customers protected and confident to do more business.