While cybersecurity threats are now one of the most widely discussed risks for businesses large and small, many apartment industry leaders feel that there is still much work to be done before they would have confidence in their enterprises’ systems and response processes.
During an engrossing discussion at 2017 NMHC Spring Board Meeting, issue area experts Kristy Simonette, senior vice president for strategic services and chief information officer at Camden Property Trust and Anil Markose, principal and cyber threat management leader at Ernst & Young, provided their views on how cybersecurity threats are being addressed by the multifamily industry and by other sectors.
Markose noted that understanding and appreciation of the importance of cybersecurity has grown significantly among c-suite executives over the last decade, and there is greater respect for the threats posed to business from cyber threats. However, he cautioned that technology is moving faster than ever. For instance, it now only takes 35 days for a new technology to hit the market and reach a critical mass of users. Disturbingly, it can over 240 days for an attacker to be detected before they are discovered.
Amil also provided a stark review of how prevalent cyber security attacks are and how businesses are reacting, for example:
- 87 percent of board and c-suite execs lack confidence in their org’s cybersecurity;
- 73 percent of business leaders are concerned about poor user awareness/behavior;
- 57 percent of organizations have had a recent cybersecurity incident;
- 86 percent of cybersecurity functions do not meet their organization’s needs; and
- 42 percent do not have an agreed communications response strategy/plan.
Despite the serious risks that cybersecurity threats pose, there are a few straightforward practices that, if employed, can go a long way towards protecting an organization’s systems. E&Y recommends that businesses need to train their staff to be ready to respond. Some of the best are using so-called “red teams” to test their systems around plausible scenarios relevant to their respective industries. Also, a healthy level of paranoia/alertness is helpful. Staff members need to be comfortable with alerting leadership to potential problems.
Specific to the multifamily industry, many organizations are working on how to provide the best amenities, including products that are now considered part of the “Internet of Things.” These tools could potentially provide access points to a business’ IT systems so when marketing and sales teams are developing new amenities, they should work closely with IT and security teams to make sure they do not pose a risk to the larger system.
NMHC also announced a new cybersecurity notification system to inform members of real-time cyber threats during the session. To sign up for the service, please click here.
- FTC Commercial Surveillance and Data Security Comment Letter
- Legislation that Creates Federal Data Privacy Standard Advances to Senate
- NMHC NAA Data Privacy Letter to Energy and Commerce Committee
- NMHC NAA Letter on Data Privacy
- Bipartisan Lawmakers Release Federal Data Privacy Bill That Would Have Impact on Multifamily Data Practices