A Small Investment In Cybersecurity Now Can Reap Major Benefits
CRE tech has advanced far in a short amount of time. It can now be used to manage a building and startups are looking to disrupt everything from improving the workflow at a construction site to how deals are financed. But too often, commercial real estate companies are not correspondingly increasing their investment in cybersecurity, leaving themselves and their clients vulnerable.
Over 20 billion Internet of Things-connected devices are expected to be online in 2017, and that number is expected to skyrocket to 75.44 billion by 2025.
And it will all be hacked one day, said Geoff Kasselman, NGKF executive managing director and 2017 SIOR national president. There are simply too many algorithms and self-learning, artificial intelligence-enabled spybots poking for the weak link in a device's security.
There seems to be a greater sense of urgency toward cybersecurity outside of the industry. Kasselman said he had a meeting in Washington, DC, with other CRE execs and the chair of a federal financial group who had a front row seat to the 2008 economic collapse. That group and others in government work constantly to ensure their websites and data are secure, and still do not feel completely satisfied.
"If this is the federal government saying that, then we all need to consider protecting our cyber presences," Kasselman said.
Kasselman said there are two types of businesses: the ones that have been hacked and those that will be. He shared the story of a client who rejected a $10K to $15K cost to improve the security of his data. Hackers were later able to access his customer list, and sent out phishing emails to those customers using his email address. It cost Kasselman's client $120K to fix the problem over the span of a week, in addition to the lost sales from customers. He said too many businesses still treat cybersecurity as a budgeting item instead of an insurance policy to protect themselves from a catastrophic breach that will cost them more money down the road.
Cybersecurity is of particular concern to data center developers. Kasselman said data center groups are hiring more computer scientists and cybersecurity experts to search for vulnerabilities within their own systems and achieve "five-nine" status. Five-nine is a measurement of a data center's reliability — it refers to the 99.999% of the time that a data center should be available for use. But even data centers that attain five-nine status have one hour on average per year offline. That can still prove catastrophic to an end user. So more users are adapting a "follow the sun" strategy, hosting data in data centers in different time zones. This ensures that a user's data is only as old as the last pulse, and can live on forever in time zones outside the U.S.
Savvy data center users are embracing the cloud these days. NGKF executive managing director Bryan Loewen, SIOR, said companies have a baseline to what they consider mission critical hardware that will remain inside a controlled data center. The rest is going into the cloud, but this poses another problem. Loewen said the biggest problem with placing data into the cloud is that it is harder to remove.