NEW YORK CITY—The time has come to pay attention to cyber security—the focus of the upcoming cyberSecure conference here in December. Yet the real estate industry has been surprisingly slow to sit up and take notice.
“This is a real threat, it's not hypothetical and the impact is staggering,” declares Jodie Kelley, SVP and general counsel, BSA | The Software Alliance. “Symantec [a cyber security tool provider] estimated a million new threats were created each day in 2014. On average, an organization experiences a cyber threat every seven minutes. Someone may not get in to a company's system but the issue is pervasive and a lot isn't even visible to companies.”
But commercial real estate firms have been slow to jump on the bandwagon. “They're interested in making deals and collecting rent,” says Jim Ambrosini, managing director at industry accounting and consulting firm CohnReznick Advisory and a cyber security specialist. “In general, information technology takes a back seat.”
“Only now,” he continues, “are CRE firms looking at this because of all the news and they may have board members or an investor asking 'Are you secure?' So they're doing assessments and we're finding dozens, if not hundreds, of vulnerabilities.”
And there's a lot riding on those assessments, Ambrosini asserts. “There's pending deal information, potential trade information and more. In one instance of a cyber security breach that we saw, an email system was hacked and it was used to analyze patterns of communication. From there, the hackers sent a letter, seemingly from the CEO, to the CFO requesting a wire transfer of several million dollars. It went through and was stopped only by the bank.”
Further, he continues, “The even bigger risk is reputational. Once word of a breach gets out, a company's reputation becomes tainted. There's no tolerance today for a lack of fiduciary duty around cybersecurity. It's going to make doing business with this company a lot more difficult because the repair—including fines, legal fees, bringing in consultants and more—causes a tremendous amount of disruption.”
Some C-suite executives know the problem needs to be addressed but they're not sure where to begin. The first step, experts say, is to take stock of your situation. “The very first thing we recommend companies do is look at their own network and see what's running on it,” advises Kelley. “People see threats as external but a lot of companies we've worked with don't know what they have in their network. They don't have a good inventory of their software and/or licenses, so they can't get all of the security patches they need.”
Next, advises Mark Stamford, founder and CEO of OccamSec, “Look at what other industries—such as retail—have done. That's the most important thing for real estate firms, instead of starting from scratch.”
However, he cautions, “You have to consider the specifics of your industry and how it may be targeted. You can't just blindly copy what someone else is doing.” Then, put tools in place, but choose very carefully.
“Information security is driven by FUD: fear, uncertainty and doubt,” warns Stamford. “But people have to reel that back and keep a check on what's going on because there is a lot of hype. It pays to do some due diligence before throwing money at this problem.”