
Elevating Cybersecurity: The Need for Routine Cyber Drills in Facility Management


As facility management (FM) leaders, it’s crucial to invest in robust cybersecurity measures, encompassing technology, training, personnel, and processes. This article emphasizes the importance of incorporating cyber drills into regular safety practices.

The U.S. Department of Justice estimated financial losses due to cyber-attacks in the United States in 2022 to be US$10.3 billion. This figure is projected to balloon to a global scale of US$2 trillion by year’s end. Beyond financial loss, cyber-attacks pose a real threat to physical safety, as evidenced by an incident where hackers commandeered a steel mill’s furnace, causing extensive damage and endangering workers.

The pandemic has further exacerbated the situation, with a surge in remote working and digital adoption. This shift has led to increased exposure to cybersecurity vulnerabilities, inviting opportunistic attacks on unprepared infrastructures.

Given the growing prevalence of connected devices in the facilities sector, it’s imperative to address cybersecurity threats with the same rigor as physical safety concerns. Implementing regular cyber drills, akin to fire drills, should become a standard practice in all businesses.

Introducing Cybersecurity Drills

Cyber drills are simulated exercises designed to test an organization’s readiness to identify and respond to real-life cyber threats. These drills typically involve a ‘red team’—either in-house or external security experts—mimicking hacker activities to challenge the organization’s defenses.

Post-drill analyses are crucial. They highlight successful defense strategies and identify areas for improvement in personnel, processes, or technology.

Preventing Cyber Attacks

Human error, not technology, accounts for 77% of cyber breaches. Thus, FM industries must focus on educating personnel and refining processes to cultivate a strong cybersecurity culture.

A report from the Australian Cyber Security Centre (ACSC) reveals that nearly half of small to medium-sized businesses (SMBs) have only average or below-average understanding of cybersecurity. Many SMBs are unaware of the myriad attack vectors, such as trojans, keystroke logging, insider threats, and various forms of phishing.

For instance, typosquatting is a tactic where attackers impersonate high-profile executives with slightly altered URLs. Untrained staff might fall prey to these schemes, leading to unauthorized financial transactions or data breaches.

By educating all staff, organizations can significantly reduce the likelihood of such attacks going unnoticed.

Assessing Cyber Risks

Businesses should evaluate cybersecurity risks across three key areas: people, systems, and processes. Consider the likelihood of staff inadvertently enabling malware attacks, the vulnerability of systems lacking security updates, and the effectiveness of existing cybersecurity policies.

Questions to ponder include the comprehensiveness of your cybersecurity strategy, the robustness of governance, policies, and procedures, and the strength of your risk assessments, monitoring, and response mechanisms. Also, consider the diversity and expertise of your people and partners in defending against cyber threats.

Leadership’s Role in Cybersecurity

Cybersecurity is not solely an IT concern; it’s a critical business issue. Company leadership, including board members and CEOs, must view cybersecurity through a risk management lens, understanding their accountability for potential impacts.

This shift requires commitment, continuous learning, awareness, training, change management, and strong leadership. Ignoring these responsibilities can lead to severe legal, reputational, and financial consequences.

Cultural change in cybersecurity is neither quick nor simple, but it’s essential for the welfare of the business and the industry at large. The time to act on cybersecurity is now, to prevent future crises.

In conclusion, for FM leaders, prioritizing cybersecurity is as crucial as any other aspect of facility management. Regular cyber drills, continuous education, and strong leadership commitment are the pillars of a robust cybersecurity culture, essential in today’s increasingly digital world.
