Cyberattacks in High-Rise Communities

May 2023

High-rise communities are ready to embrace conveniences and expectations of future residents in the 21st century.  The pandemic, a time when many more were working from home or unable to travel, made people more aware of their access to, or lack of modern conveniences.

A crucial part of these conveniences is Internet of Things – or IoT – which refers to connecting our many electronic systems, devices and appliances to the internet.  There are more than 30 billion smart objects connected to the IoT, providing us with conveniences and value-added services.  Many of these are devices used daily at home.  The smart building market, which includes systems used building-wide in our high-rise communities, is growing at a double-digit rate annually.  These are technologies we require to reduce energy consumption; increase performance of building systems; improve safety, health and security; and make our lives more enjoyable.

This embrace of Internet of Things exposes our communities to the risks of cyberattack.

What happens if a ransomware cyberattack prevents you from opening doors in the morning?   Should the corporation pay the ransom so doors will open, or does this expose your community to continued ransomware attacks?  A community may be prevented from turning on and off the HVAC system thus causing extreme discomfort for residents.  Building management may lose control of lights.  Electricity or water may get shut off.

We’ve all read of malware in the form of ransomware, phishing, spyware, and distributed-denial-of-service (DDos).  This is software intentionally designed to cause damage to a computer or computer network.  It may encrypt files and hold systems or data for ransom.  The only way to obtain access and control is to pay a ransom to the attackers.  How much would your corporation be forced to pay just to regain control of your building systems and data?

The average ransom paid by Canadian companies affected by a ransomware attack was $458,247 (Angus Reid survey, September 2021).  In the survey of more than 1,000 businesses, 55 percent of companies had been the victim of a recent ransomware attack, and one in five had been targeted multiple times.

The first line of defense against malware is to regularly change and manage passwords, and not open unexpected or unknown e-mail attachments.  Control vendor and employee access to systems so they only access areas pertinent to their duties.