Page 8 - RC21 EDGE Summer Issue
P. 8

 RANSOMWARE is a type of malware from cryptovirol- ogy that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim’s files, making them inaccessible, and de- mands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is
an intractable problem—and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
When we walk into our homes, offices, schools or stores we assume we are safe. But cyber threats to human safety and property can be an even more compelling and lucrative target than data threats. The Colonial Pipeline CEO knew the liability incurred by not reacting quickly to the threat
of a catastrophic breach of the pipeline and the threat to human safety. Paying the ransom was for the good of the country. More CEOs and asset owners will face similar dilemmas. Gartner predicts 75% of CEOs will be personally liable for cyber physical security incidents (CPS) by 2024. Gartner also predicts that the financial impact of CPS attacks resulting in fatal casualties will reach over $50 billion by 2023. So, what can be done about it?
First, do you know what technologies you have in
your asset or portfolio, and what risk it poses? Most companies do not know if the smart systems being used in buildings can threaten their reputation, compromise operations, or even harm employees. Furthermore, in many cases building owners may not have the insurance coverage that would protect the owner from the cost
of responding to a cyber incident affecting property or tenant health. For those who are aware, a dizzying array of cyber tech companies offer a full range of protection services, but other than reputation and client lists, its difficult to determine how effective the services will be without some sort of national framework. And bottom
line, what real estate company wants to take a hit on NOI to reduce what seems at the time to be a remote risk? Where is the value proposition?
Building Cyber Security, Inc. (BCS), a 501 (c)(6) non-profit organization, has gathered private sector stakeholders from the real estate industry, technology companies and insurers, all with a mutual need for a framework offering marketing incentives to building owners and operators
to improve the security and safety of all the systems in a building , and ultimately protect the tenant.
What makes BCS unique in the nexus between the built environment and technology is the collaboration with leading global insurers to incentivize the adoption of cyber certifications for tiered levels of protection (bronze, silver, gold and platinum) to match the risk identified
by asset owners. Like Realcomm’s Real Estate Cyber Consortium (RECC), BCS will offer the framework to all interested parties and will review your asset to deliver a cyber protection assessment and rating based on evolving industry best practices. The BCS framework will also reward persistent cyber hygiene, addressing the people (training), processes (governance) and the technology (controls) over the life cycle of your asset. Adopting the BCS framework will be the signal to bad actors that you have made the investments to protect your systems, and they should move on.
As insurance policy rates related to cyber risk continue
a rapid climb and potentially start impacting the costs
of property and casualty policies, the BCS framework may help reduce those policy costs or even mean the difference in getting insurance at all, particularly if you are investing in PropTech for your building. Bottom line–would you rather spend millions to recover from a ransomware attack and restore trust in your asset, or see a firm ROI through reduced premiums on proactive protections to your asset? We need not simply wait to react, but take the initiative to recognize the growing threat, and encourage public and private sectors to share understanding of risks and threats.
The Honorable Lucian Niemeyer is the Chief Executive Officer of Building Cyber Security, a non-profit organization enhancing global safety in a smarter world. He applies his expertise and experience in the convergence of facilities, real estate and technology to
counter emerging global threats. Lucian is also a former Assistant Secretary of Defense, US Senate professional staff member, small business owner, and an Air Force veteran.
For more information, visit www.buildingcybersecurity.org or follow us on LinkedIn Building Cyber Security: Overview | LinkedIn
 8















































































   6   7   8   9   10