NEW YORK CITY—In the year and a half that former New York Police Dept. commissioner Ray Kelly served as president, risk management services at Cushman & Wakefield, he got a sense of the cyber security risks—and the risk management attempts—happening in the commercial real estate industry.
Following his very recent move from Cushman to cyber security firm K2, he spoke EXCLUSIVELY with GlobeSt.com for this story, the third installment of a four-part series on cyber security in the industry.
GlobeSt.com: In what ways is the commercial real estate community at risk on cyber security?
Kelly: So many things are being shifted to cyber that the growth of the threat is growing exponentially. For example, building operators are moving toward controlling and conducting operations through the Internet. It's easier and it makes sense in many ways but there are vulnerabilities.
People need to look at the nature of a building, who the tenants are and who the owners are because all of that will impact the willingness of someone to introduce a cyber threat. They can steal money or secrets and black mail tenants or building management.
In commercial property management, the cyber attackers can go to very important services and potentially shut them down or disable them. For example, they can tamper with the HVAC system.
Also, vulnerabilities exist not only with the building owner but with contractors and vendors that have occupiers' and owners' data.
GlobeSt.com: What should industry firms be doing to safeguard against cyber attacks?
Kelly: About 80% of intrusions are believed to be caused by employee carelessness. If you leave doors open to negligence, people are going to walk through those doors. So you need training of employees and then you need monitoring of whether employees are adhering to security policy.
If not, there should be some penalty with bite to it, whether that means getting a letter saying an employee has to shape up or a cut in someone's bonus.
GlobeSt.com: In a recent speech, you said companies should deploy "multi-disciplined teams in place that can respond to a variety of different security events, be it online or at physical locations." Could you elaborate on what disciplines should be involved?
Kelly: A response team should include professionals in IT, public relations— because there needs to be an awareness of an attack and its impact on an organization's reputation—and attorneys. There also should be a security component.
And it's important to have someone at a high level, from the C-suite, that leads the committee because there has to be someone involved who has the clout to do things and do them quickly. It's an issue to get the attention of a CEO of any company. You have to have that access.
GlobeSt.com: What do you see ahead for the CRE industry on the cyber front?
Kelly: The industry has gotten the message. The big companies are striving to address the issue and stress to occupiers that security efforts are underway. I saw much more awareness of this issue at the end of my tenure at Cushman & Wakefield than at the beginning.
Want to continue reading?
Become a Free ALM Digital Reader.
Once you are an ALM Digital Member, you’ll receive:
- Breaking commercial real estate news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Rayna Katz
Rayna Katz is a seasoned business journalist whose extensive experience includes coverage of the lodging sector, travel and the culinary space. She was most recently content director for a business-to-business publisher, overseeing four publications. While at Meeting News, a travel trade publication, she received a Best Reporting award for a story on meeting cancellations in New Orleans during Hurricane Katrina.
