Keith Bereskin, VP, Information Technology and Building Operations, Healthpeak Properties, Inc.
With greater reliance on smart building technology, REITs continue to experience increased cybersecurity risks. As a building owner, we partner with our local property managers, who monitor and control the building technology infrastructure, to closely assess each of our properties’ unique and potential cybersecurity risks.
Collectively, we seek to maintain a strong cybersecurity framework that oversees both technology and people, and includes information security guidelines, as well as user training, access controls, and cyber breach or incident response plans. We believe this approach is vital to identity and ultimately minimize cybersecurity risks within our properties.
Smart building features, as well as overall cyber risks, will continue to evolve, so we must regularly communicate with our partners to evaluate and update our framework to attempt to stay one step ahead of cybercriminal activity.”
Bron McCall, SVP, Chief Technology Officer, Extra Space Storage Inc.
Smart building technologies certainly can add cybersecurity risks if not addressed properly. Any external system added to your network introduces potential avenues for bad actors to gain access to your network by compromising the third-party system.
It is important to isolate these systems on your network and do the due diligence to vet your potential partners’ own cybersecurity practices. This topic is certainly top of mind for us as we continue to introduce more smart building technologies at our properties. Some of these are customer facing, which can add complexity and the need for more robust defenses.”
James Whalen, SVP, Chief Information, and Technology Officer, Boston Properties, Inc.
Smart buildings can increase the opportunities for potential compromise on a number of fronts: the sheer math of more networked devices; the need for systems to ‘talk to one another’ and integrate; the increasing digitization and reliance on software that move away from historical fail-safe designs (originally driven by the risk of component failures, not cyber); the increasing reliance on the cloud and mobile devices for data analytics and engagement with services; and, dependence on remote technical support to maintain these platforms. All of these drivers elevate the risk profile and level of complexity, but the thoughtful adoption of a security framework can effectively mitigate these risks.
As an industry, we must continue to embed standards and practices across the entire supply chain to realize the benefits of smart technologies. A security lens must be integrated into any selection and implementation process. The journey is continuous in responding to an always changing threat landscape.”