Real Estate Cyber Consortium

We’re thrilled to welcome Terry Keller and MRI Software?as the newest member of the?Real Estate Cyber Consortium! MRI’s deep expertise in innovative property management and real estate technology aligns with our mission to elevate cybersecurity standards across the industry. Together, we’re advancing collaboration and resilience to tackle evolving cyber threats within the real estate sector. Welcome to the RECC community, MRI – we look forward to building a safer, more secure future together! #cyberharmony #commercialrealestate #builtenvironment #cybersecurity #realestate #RECC #MRI

We are thrilled to welcome PIMCO Prime Real Estate as the newest member of the Real Estate Cyber Consortium! Special greetings to our colleagues from France: Grigor Hadjiev, Julien Daclin and Naveen Kumar JAGANNATH. This new partnership strengthens our presence in Western Europe and enhances our ability to collaborate on global best practices for safeguarding assets worldwide. #cybersecurity #cyberharmony #otcybersecurity #builtenvironment #RECC

Cybersecurity: A Strategic Imperative for CEOs in the Digital Age ? In today’s hyperconnected world, cybersecurity is no longer just an IT issue—it’s a critical business concern that directly impacts the bottom line. As cyber threats become more sophisticated and regulations tighten, CEOs need to view cybersecurity as a strategic imperative. ?A single data breach can damage a company’s reputation, disrupt operations, and lead to significant financial losses. Below are 10 key considerations for why cybersecurity must be an organizational priority. From protecting intellectual property to ensuring business continuity, these points show how investing in cybersecurity is an investment in the future success and resilience of the business. It’s time for the C-suite to take cybersecurity seriously! Join the RECC community and hear how our members are addressing this pressing issue in commercial real estate space. ? #cyberharmony #RECC #commercialrealestate #builtenvironment #cybersecurity #CEO #businesscontinuity #cyberresilience #leadership #riskmanagement

?? October is Cybersecurity Awareness Month! ?? As digital threats continue to evolve, it’s crucial for the real estate industry to stay ahead of potential risks. At the Real Estate Cyber Consortium (RECC), we’re dedicated to helping our members create motive their security posture while fostering collaboration across the sector. Why join RECC? Stay informed with the latest cybersecurity trends and threats tailored to the real estate industry. Membership in the RE/ISAC Connect with leaders and experts in real estate and cybersecurity to share best practices and solutions. Access tools, initiatives, business and events designed to enhance your cybersecurity strategy. Be part of a collective voice advocating for stronger cybersecurity measures in the real estate sector. As we recognize Cybersecurity Awareness Month, there’s no better time to take action and protect your organization from cyber threats. Join RECC today and become part of a proactive community committed to securing the future of real estate. ?? Why recreate the wheel? Learn more and get involved: https://lnkd.in/gwu-2_vT #CyberAwarenessMonth #RealEstateCyberSecurity #JoinRECC #CyberResilience #CyberSecurity #CyberHarmony #OTCyberSecurity #BuiltEnvironment

As IT and OT systems continue to converge, managing 3rd, 4th and sometimes 5th-party risk requires a new perspective. Traditional approaches used for IT systems may fall short when applied to OT environments, as they introduce unique challenges that affect physical processes, safety, and critical infrastructure. Here are several key factors that IT professionals must consider when assessing risk in OT environments: Increased Interdependency of Systems: OT systems are often deeply integrated with critical infrastructure, meaning that a vulnerability in a 4th or 5th-party supplier could have much more severe consequences compared to IT systems. Physical Safety Risks: Unlike IT systems, OT environments often control life safety systems and other systems (e.g., elevators, escalators, energy, security). A 4th or 5th party risk in OT can result in compromising occupant safety and cause operational disruptions. Legacy System Vulnerabilities: Many OT systems are built on outdated technology, making it harder to patch or update. This increases the risk from 4th and 5th parties that may be involved in maintaining or integrating with these systems. Extended Supply Chain Impact: IT professionals need to account for the extended supply chain, including 4th and 5th parties, which may have direct or indirect access to OT systems. Any risk to a 4th party could cascade through the entire operational network. Limited Visibility and Control: Traditional IT security measures may not provide sufficient visibility into OT environments, especially when third-party vendors are involved. IT professionals need to consider the lack of direct control over how third-party providers secure their systems. Differences in Security Approaches: IT systems prioritize confidentiality and data protection, while OT systems prioritize availability and operational continuity. Third-party risks may need to be reassessed with OT’s focus on uptime and process integrity in mind. Longer Supply Chain Lifecycles: OT systems tend to have longer life cycles, and third-party systems might remain in place for decades. This increases the risk of using outdated security measures that third parties may not update in time. Converging IT/OT Systems: As IT and OT systems increasingly converge, IT professionals managing risk must adapt to how third-party vulnerabilities in either domain can impact the entire system. Greater Need for Vendor Collaboration: IT professionals must work closely with third- and fourth-party vendors to ensure that they understand the unique challenges of securing OT systems, leading to increased collaboration for risk mitigation. The Cyber Harmony model considers 5th party risks as it pertains to cybersecurity and addresses the importance of understanding the construction process, the various stakeholders and where they fall in the risk management process. #commercialrealestate #cyberharmony #builtenvironment #otcybersecurity #cyberawareness #riskmanagement

Join us in welcoming Alessandra (Sandra) Thoene, MBA and Tosibox to the RECC community. We are thrilled to have Sandra represent Tosibox and share her insights on OT security as we collectively provide solutions for the rising threats faced by commercial real estate owners while securing their OT systems. “Tosibox’s cutting-edge cybersecurity solutions align seamlessly with RECC’s focus. Our goal is to gain a deeper understanding of the specific needs within the BAS industry, ensuring that our solutions are well-suited to address these requirements. This collaboration will also help us identify opportunities for future product enhancements to meet the BAS needs” - Sandra Thoene #OTCyberSecurity #CyberHarmony #CyberAwareness #BuiltEnvironment #CyberSecurity? #RECC #CommercialRealEstate

Possible cyber attack on critical infrastructure with IT and OT assets.

As organizations increasingly integrate Artificial Intelligence (AI) into their business operations, it is crucial to implement policies that address both the challenges and opportunities of AI. These policies should ensure that AI outputs are critically evaluated, safeguarding against potential errors and biases. Additionally, they must provide comprehensive governance to protect the organization’s data from cyber threats and establish clear guidelines for the ethical and responsible use of AI across all aspects of the business.??This is why it is important for organizations to adopt an AI policy sooner than later. An AI policy will provide guidelines for the implementation, management, and governance of AI within an organization to ensure ethical, secure, and efficient use of AI technologies. The policy should apply to all departments, employees, contractors, and third-party entities involved in the development, deployment, and utilization of AI systems within your organization. At minimum, the following areas should be covered and established as guidelines for a comprehensive AI policy: 1. Ethical Use of AI 2. Data Privacy and Security 3. Governance and Accountability 4. Training and Awareness 5. Risk Management 6. Compliance and Legal Considerations 7. Monitoring and Evaluation 8. Innovation and Continuous Improvement The IT department, in collaboration with the AI governance committee, should be responsible for implementing the policy. Regular reviews and audits should be conducted to ensure compliance and address any emerging issues. The policy should also be reviewed annually and updated as necessary to ensure it remains relevant and effective. The graphic below shows a basic framework for developing an AI policy for an organization. #RECC #commercialrealestate #cybersecurity #cyberharmony #builtenvironment #artificialintellengence #AI

The RECC community is sad to say that we recently lost one of our co-founders Charles Myers. Charles was a dedicated participant in the Realcomm Community since 2003 where he proactively shared his experience and cultivated conversations around very important topics. After a Cyber Security meeting at Realcomm in 2016, Charles organized a group of senior industry executives to accelerate the conversation and established monthly calls to keep the cyber security conversation front and center. In November of 2020 – during Realcomm’s COVID Hybrid event – Charles received the annual Lifetime Achievement Award in recognition of his substantial contributions to the industry. In February of 2021, the Real Estate Cyber Consortium (RECC) was officially formed, and Charles served as its first Executive Director until January of 2023. Charles was well known for his passion regarding the built environment, specifically the implementation of smart technologies. His later career focused on cyber security for buildings and his efforts will be remembered as the foundation for RECC and many other cyber conversations. His contribution to our industry will not be forgotten, nor will his zest for life and kind heart. RECC will forever be grateful for your contribution and service.

The Real Estate Cyber Consortium has embraced the concept of creating "Cyber Harmony" within our industry. To support this initiative, we are developing an Owner's Project Requirements (OPR) for our RECC members. We all are aware that the Owner or End User is the ultimate stakeholder in any project where OT is being deployed. This is why it is crucial that the OPR is integrated into the contract documents for these projects. A strong OPR provides clarity of expectations and addresses key areas such as compliance, access control, data protection, and other security measures that mitigate risks. You don't have to travel your cyber journey alone! Join our collective to collaborate with industry peers and benefit from their extensive knowledge and experience, along with taking advantage of initiatives such as the OPR. https://lnkd.in/gwu-2_vT #cyberharmony #cybersecurity #otcybersecurity #commercialrealestate #builtenvironment #cyberopr #OPR