I recently had a discussion with some of our client leaders and we had a good laugh about the technology hype cycle. These cycles are often reflected (and hopefully not amplified) in this column, as I aim to shed light and add perspective to the topics of greatest interest to my clients.
Indeed, artificial intelligence, and especially generative artificial intelligence, is in the current cycle. And in the not-too-distant past, cryptocurrencies and the Metaverse occupied the cycle. One topic that deserves to be brought to the forefront is cybersecurity.
I was inspired to discuss cyber because I had some customer interactions recently that made me realize that cyber is not a topic that all companies are comfortable discussing. In my experience, clients are reluctant to share their own cyber incident experiences (for reasons of sensitivity), and many are unsure whether their plans, defenses, and capabilities are up to the challenge. While I understand the general reluctance on this subject, I've noticed how few forums exist for people to share their experiences and reactions when a breach occurs. Nevertheless, we thought it was important to cover some basics of what you can and should do to prepare. To that end, here's advice from Deloitte's cyber and strategic risk leaders on preventing or responding to the growing number of ransomware incidents.
Plan your most important systems and assets: Chief information security officers and chief information officers can identify the assets (software, hardware, OT, processes, people) that are most important to their organization's mission-critical operations. At a minimum, basic cyber hygiene measures (password complexity, rotation, backup, patching and vulnerability management, and strong threat monitoring) can be implemented for this manageable set of assets. These minimal steps will help limit the damage if an attack occurs.
Prevent compromised information technology from spreading to operational technology: CISOs and CIOs can physically and logically separate the networks and data of different organizational units, and separate a company's IT from its OT (in this case, building-level operational technology). The idea is to prevent operationally critical building technology from becoming useless if a company's IT systems become infected. An infected IT system is not an ideal situation, but cyber issues within a facility are the stuff of nightmares.
Prioritize implementation of “Zero Trust”: Zero Trust is a new security paradigm in which organizations commit to never trust and always verify access. Staff may consider implementing system-wide safeguards by withholding trust for all transactions or actions, even if they are repetitive or internal activities.
Pursue strategic initiatives for future resilience: CISOs and CIOs can review business continuity and disaster recovery processes, along with single points of failure (technical and human), to support rapid response to attacks. We hire seasoned cybersecurity leaders and staff who can provide a balance of business acumen and technical experience to help you respond to attacks and threats.
Plan ahead for a crisis: CISOs and CIOs should regularly run cyber simulation exercises to test their incident response readiness and prepare for future disruptions. This may include crisis management scenarios focused on crew safety, internal and external communications, and rapid recovery of mission-critical operations.
The real estate industry, with its large-scale single currency transactions (asset purchases/sales), high volumes of financial transactions (rents), and significant asset-level operations, is an attractive target for cybercriminals. This topic is top of mind for Deloitte clients for a variety of reasons. Our annual survey of commercial real estate clients conducted last summer found that cyber was one of the most significant risks, ranked based on potential financial impact, as identified by client executives. When we interact with the audit and risk committees of our real estate clients, cyber frequently comes up as a top topic. We hope you are satisfied that you are following the above recommendations. If not, it's worth being honest about why you aren't and why that needs to change.
John D'Angelo is a Managing Director at Deloitte Consulting LLP, a real estate solutions leader who designs solutions to address client challenges and move the industry forward. John is a global real estate management consultant with over 30 years of experience helping leading real estate companies leverage technology and data to optimize and transform their operations.
Read the May 2024 issue of CPE.