To hear several cybersecurity experts tell it, data breaches are all but inevitable at every company, no matter how small they may be. The only choice for companies, at this point, is to be prepared for what’s coming.
That was the message during the “Business Response to Cyber Risk” panel held Monday at the Mortgage Bankers Association’s Commercial/Multifamily Servicing and Technology Conference, which is going on right now in Miami.
The panel discussed all things cybersecurity, including how often data breaches are happening.
During the panel, the moderator, Situs Director Jim Goodall, asked the crowd to take part in a series of questions about their own experiences with data security. One of the first questions was whether their company had been the victim of a hacker in some form or fashion.
Of the 100+ people in the room, more than half – 54% – said that their company had already been the victim of a breach.
Eric Carter, senior vice president of IT and security at Northmarq Capital, said that many companies are probably victims of a breach right now, and don’t even know it.
“They say that someone is in your network for three months before they even decide to do anything,” Carter said, expressing the general wisdom amongst IT professionals.
Oftentimes, the hacker (or hackers) will spend time observing employees’ communications or work habits for a long time, before eventually jumping into a sensitive conversation by pretending to be someone else and then wreaking havoc, the panelists said.
And the threat exists for small companies and large ones, alike.
“This is not just an IT problem. The threat itself can come from anywhere. You’re only as strong as your weakest link,” Siobhan O'Keefe, senior vice president of client relations at Berkadia, said. “You have to know that the threats are getting more sophisticated.”
In many cases, all it takes is one employee falling victim to a single phishing email or using their work computer from an unsecured network.
And the larger the company, the larger the amount of risk, as Michael Kenney, vice president, multifamily operational risk for Freddie Mac Multifamily, said.
“Our executives’ information is online,” Kenney said. “We could get an email that says (CEO) Don Layton approved $50 million to go this bank. It’s something you need to be aware of.”
Kenney said that for Freddie Mac, the best defense against breaches is a good offense.
“It’s really about culture,” Kenney said. “It starts with the tone at the top. We have training. We have testing. Our information security folks will perform phishing operations on our employees. If you get caught, you go into training. And you will get tested again.”
Each of the panelists stated that the battle against cyber threats is unrelenting, and staying on top of new technology is critical, because if you don’t, your company could be next. In fact, it’s probably already too late.