Commercial real estate firms are vulnerable to cyber attacks due to the vast amounts of data and high value of transactions involved in their day-to-day business. However, without sufficient expertise to plan and implement a multi-layered cybersecurity defence, any business is at risk. Forensic Partner Brendan Read shared his insights with Commercial Property Guide.
"The commercial real estate industry is no different to any other industry that might be targeted by cyber criminals. Any organisation that doesn't implement appropriate mitigation strategies can become a target."
The risks associated with insufficient cyber defences may be widespread. Apart from potential losses through disruptions to operations and productivity, businesses may also be vulnerable to extortion attempts by threat actors using sophisticated malware or ransomeware. Data exposure is a significant concern, particularly around breaches of privacy and confidential information, and organisations must be aware of mandatory reporting requirements and how to establish whether a cyber incident meets the criteria of a notifiable data breach. Additionally, the consequences of a cyber attack may cause reputational damage if perceived to be caused by the organisation's own negligence and may leave businesses open to regulatory or legal action.
Brendan discussed KordaMentha's 'defence in depth' approach to cybersecurity, noting organisations must strengthen measures through IT infrastructure, staff awareness and training and engaging the appropriate cybersecurity expertise. "The key is not to rely solely on technology as a means of protecting your vital company data and systems," he said. "Instead, the answer lies in creating a layered defence to your organisation's security framework. I strongly advise companies not to rely on a single solution - as that solution could become the single point of failure for the organisation - and something as simple as a user opening a malicious attachment or clicking on an embedded link can lead to a major cyber incident."
Understanding that the motivations behind cyber attacks can be varied, Brendan highlighted that, "Organisations need to establish their current cyber risk position and move towards developing a robust cyber response plan to ensure that if a cyber incident occurs they are ready to respond quickly to minimise exposure."
