Yes, You Really Need to Up Your Cybersecurity Now

For a few years, cybercriminals have been targeting CRE companies. It’s not going to suddenly stop.

First American Financial Corporation has a special webpage up: “First American has experienced a cybersecurity incident. In response, we have taken certain systems offline and are working to return to normal business operations as soon as possible. Updates will be posted to this page.”

HousingWire first reported the story or, to be more specific, this particular incident, because the problem that commercial real estate companies are facing from cybercriminals isn’t new.

Warnings about cybersecurity treats to CRE firms go back to at least 2019. In 2021, experts were telling GlobeSt.com about ongoing problems of this type. Cybercriminals were getting more creative with how they got into a company’s servers.

A “medium-sized national office property owner” fell prey to three separate ransomware attacks, Jeff Ewing, vice president of operations for commercial real estate computer technology provider 5Q, told GlobeSt.com—twice on corporate data and once on the building network.

“It’s not that they don’t care,” Ewing said, “but the bad guys have also gotten smart enough that if it’s not a publicly owned company, they can keep the ransom low enough that it will be paid. Some of these companies just want to fix the problem and move on, and then they don’t think about it anymore. Until it happens again.”

If a company is lucky, it will be up and running within a few days, but it can also take much longer, which is lost revenue and opportunities. Then there are the costs to address the problems and restore systems. Plus, maybe that ransom.

Last year, according to JLL’s property management group, Red Bison Technology Group, and Aon, there are three areas where building owners frequently have misperceptions. “[T]hey must fully understand the risk of Information Technology and Operational Technology (IT/OT) threats, why comprehensive cyber insurance is necessary to protect against catastrophic loss and how to meet minimum compliance and cyber insurance requirements,” the companies said.

The big problem: attackers can often break into a building’s systems and then move from there into the IT systems. “I frequently have conversations with building owners who remain confused about the risk of OT threats and what is or is not covered,” said Jason Lund, leader of technology infrastructure at JLL, in prepared remarks at the time. “In the past, this lack of understanding was not researched sufficiently by the owner. Unfortunately, the problem has now become too great to ignore.”

Paying ransom is ultimately an utter waste of money. Facing unnecessary down time also is. If you haven’t yet, then prepare a real New Year’s resolution and ensure that your company doesn’t join the “been hacked” club.