Special Series: CRE Leaders Examine Growing Cybersecurity Concerns During Coronavirus Crisis
Exponential escalation of cybersecurity threats during the coronavirus pandemic is immobilizing some industries. The new normal requires evolved cybersecurity crisis management to protect organizations. Part III of Realcomm’s continued CRE coronavirus coverage featured Wells Fargo, Oxford Properties and 5Q Cyber’s cybersecurity planning for critical building infrastructures and effective remote work environments for Commercial and Corporate Real Estate professionals.
Acceleration of Cyber Threats
While cybersecurity threats are nothing new, the mass transition to a work from home (WFH) business model poses increased cyber threats targeted at individual and enterprise vulnerabilities during the COVID-19 pandemic. Realcomm’s cybersecurity webinar cited multiple instances of cyberattacks:
- The number of coronavirus-related spear phishing attacks (targeted email attacks sent to specific, well-researched victims) has quadrupled in less than three months. A recent Barracuda Blog revealed increases in: scamming (54%), brand impersonation (43%), blackmailing (11%) and business email compromise (1%).
- An FBI Public Service Announcement confirmed the rise in coronavirus-related email fraud that includes charitable contributions, general financial relief, airline carrier refunds, fake cures and vaccines and fake testing kits.
- Zoom, a leading video conference platform serving over 200 million users, has become a target for “zoombombing,” a form of organized harassment and abuse from uninvited participants. Amidst the coronavirus crisis, Zoom also has received scrutiny for load-shifting some North American calls through China, a country with vastly different privacy and security laws. New York City recently banned Zoom usage for schools, citing security concerns.
The onslaught of cyberattacks in the COVID-19 era is detrimental to many companies who responded quickly to redistribute central workforces with little time in planning and deploying WFH strategies. This is especially true for small-to-medium organizations with less capital and resources at their disposal. CRE organizations responsible for the physical and cybersecurity of occupants and tenants have an additional layer of complexity when adapting and keeping pace with growing threat.
Securing WFH Environments
The critical difference between WFH and office building cybersecurity is IT infrastructure. Mature processes and corporate IT protocols keep commercial buildings secure. Most WFH scenarios lack such infrastructure. David Sulston, Director of Security, National Programs at Oxford Properties frames the CRE question: “How do we ensure our business conversations we’re having over IT networks are as secure as those in the building?”
At-home protocols must align with corporate safety guidelines, including secure VPNs and up-to-date hardware. Wells Fargo follows a well-established cyber and corporate protection program encompassing both IT and OT technologies, devices and procedures. The program extends to WFH environments. Charles Meyers, SVP & Chief Technical Architect at Wells Fargo emphasized the importance of secured connections and high-quality, standardized equipment, “Key executives should have a hardened laptop issued by their workforce. They must have an encrypted hard drive as well.”
Equally important, WFH cybersecurity hinges upon continued communication, education and access between remote employees and IT teams. Help desk protocols need clear reporting infrastructures for immediate at-home help.
Building Systems and Physical Security
Not all buildings have shuttered their doors during the coronavirus crisis, nor are all employees working from home. For essential businesses and services, some commercial and corporate sites must remain operational with reduced (but critical) staff. Lacking full resources, security technology must provide a comprehensive lens into building activity at all times. “Buildings don’t go dormant," Meyers said. “They need secure connectivity.”
“There’s really clear symmetry between the physical and cyber worlds,” Sulston explained. “Empty buildings don’t have people pointing out abnormal behavior. Similarly, when a system is compromised, we don’t have the boots on the ground to point that out.”
The best security teams leverage technology that identifies vulnerabilities and confirms essential physical and remote access. Cybersecurity and physical security require continuous review of process and protocols. Whitelisting all service providers’ systems ensures they undergo the same scrutiny as the organization’s.
“The risk is huge because it’s not just the building that might be compromised,” Meyers stated. “Points of vulnerability become pivot points for malware that can jump over to the corporate network and compromise the building network itself. A systematic data compromise means you can have it and not know it months in advance.”
Strong systems inventory, endpoint protection and information access are key to building and employee safety in any contingency. But crisis management is much more than responding in the moment. Organizations must prepare for a return to office space that remained unused for months.
For example, when technology is turned off, how will software patches be addressed? 5Q Cyber CEO Don Goldstein asked, “Is it automatic? If no one’s in the office, is Wi-Fi active or shut down? Lower-cost security measures or dependence on third-party options may be sub-optimal, especially if the incidence response plan has never been tested.”
The new normal is raising a lot of questions and creating ample opportunity for collaboration and communal support.
Get Help and Share Resources: The Real Estate Cyber Consortium
Establishing new protocols, sharing best practices and relying on the CRE community are increased priorities in COVID-19 response. Meyers expressed that shared insights is paramount for smaller companies and remote workers, "We need recommendations for the common individual, improvements to simplify things. We require a standard for people to have a secure network and separate their personal or their kid's traffic from work traffic.”
Members of the CRE industry are rallying around an initiative to provide professional cybersecurity support through the Real Estate Cyber Consortium (RECC). The RECC was formed in 2018 to elevate awareness of and address industry-wide cybersecurity threats. The consortium aims to align the development, deployment and ongoing support of building technology solutions with a core set of security principles and standards.
“This is a time for compassion and to help each other in our community,” Goldstein said. “The RECC is an opportunity for information to be disseminated in a meaningful way, a place where people go to get and offer help.”
This Week’s Sponsor
Yardi® develops and supports industry-leading investment and property management software for all types and sizes of real estate companies. Established in 1984, Yardi is based in Santa Barbara, Calif., and serves clients worldwide. For more information on how Yardi is Energized for Tomorrow, visit yardi.com.
23 Years of Big Topics & Global Thought Leaders on CRE, Technology and Innovation For centuries, people left their homes and traveled to buildings to do things. They traveled by foot, horse, bicycle, automobile and airplanes. Over the years, technology began to chip away at the need to go someplace to do something.
7 Commercial Real Estate Technology Solutions to Help Digitize Your Operations The technology a company uses is becoming an increasingly important part of how it differentiates itself from competitors. The right software can streamline tedious tasks, helping employees to be more productive ultimately adding to the company’s bottom line.
Global Smart Buildings and Districts Inspire Innovation We are fortunate to be alive at a time when technology is enabling some of humanity’s wildest dreams. (Commercial space travel, anyone?) It’s also inspiring to see the great innovative work being done by the best and brightest in the building industry.
Revisit Your Technology Architecture Digital transformation has been a buzzword since the mid-2000s. It was primarily lip service and a concept that was included in future roadmaps but not next year's budgets. The pandemic rocked the world and changed everything. There is now no such thing as "business as usual."