Cybersecurity Threats to Real Estate


At first glance, the real estate sector may not appear as the most obvious target of cyberattacks with its bricks and mortar image. However, with a 300% increase during the pandemic, cybercrime is quickly becoming one of the biggest threats to all businesses globally – real estate being no exception.

Real estate companies hold valuable tenant and landlord information sought by cybercriminals, including bank accounts and other personal information that criminal hackers can use for identity theft, data breaches and cyber attacks. ransomware. With many real estate companies now relying on digital operations and “smart” technology, such attacks could impact operations anywhere from simple inconvenience to complete shutdown. The vulnerability is amplified when commercial buildings have multiple occupancies, or interconnectivity and interdependent IT systems involving third parties.

The online portals of property management companies can be hacked by hackers giving them access to credit and debit card numbers and addresses which they can use to commit fraud.

Real estate agents or conveyance attorneys are responsible for handling homebuyer deposits, but often have minimal security measures in place to protect large transactions.

Email communications leave all of these parties and agents vulnerable to phishing, whereby individuals or groups contact potential victims within the company posing as legitimate institutions in order to trick them into providing their own private data. or those of others, such as bank and credit card details, passwords or personal identification information.

It starts with cybercriminals hacking into the system of the title or real estate company to study the language used, the format of the information and the transactions, in order to facilitate their appearance at first glance legitimate and then allow them to commit fraud. convincing.

There is no set pattern for such crimes. The nature of cybercrime is that attackers are continually finding new and diverse ways to breach a company’s networks and information assets, even companies and industries that are known to have the best security measures in place. security to prevent cyberattacks.

The vulnerability of the real estate sector has been revealed by a downward trend that has lasted for years since the start of the Covid-19 pandemic and the shift to remote working.

Among the various real estate sectors, commercial and industrial property has been the most affected, making them more susceptible to cyber threats in their eagerness to request information.

For example, there have been instances where online fraudsters have used the portals of real estate brokers posing as buyers or renters to insinuate themselves with the target business and commit fraud.

Here is a summary of the different approaches used by cybercriminals to attack the real estate sector:

  • Ransomware : The term was coined because hackers demand a ransom from the organization before restoring access to its systems and data, which they had improperly accessed or prevented from functioning after attacking the organization’s network.
  • Compromised work email: This happens when attackers use emails to persuade buyers or sellers of property to transfer funds to fraudulent accounts. These fake emails are usually indistinguishable from an original.
  • Seller compromise: Real estate customers face vendor compromise when a third-party partner experiences a data breach.
  • Phishing attacks: Hackers use fake email advertisements, scam social media pages and websites to trick individuals into providing their personal information which is then used to perform malicious activities.

It’s not just information and bank balances that are at risk: there have also been instances over the years where cybersecurity has caused property damage. There are several examples of such cases around the world:

  • In 2015, hackers used phishing emails to gain access to login credentials at a German steel mill. They managed to disrupt the company’s control system, shutting down parts of the factory, causing millions of euros in damage.
  • Also in 2015, hackers remotely sabotaged Ukraine’s electricity grid, knocking out power to around 230,000 consumers for one to six hours.

Solutions are available for the real estate industry which, if implemented, can deter most cybersecurity attacks. For example, there are excellent security tools available to regularly monitor their network and identify vulnerable servers. These tools automatically suggest solutions on how these vulnerabilities can be dealt with.

At the same time, companies should educate their employees about cybersecurity alongside tailored training. This enables employees to be able to identify cyberattacks and understand the risk they pose to the organization and their responsibility in it.

Risky real estate businesses – as in all sectors – should perform annual cybersecurity audits in order to have a full identification of their cyber risks and then be able to determine the mitigation measures to address them.

In addition, there are cyber liability policies covering medical-legal expenses, legal fees, regulatory fines and penalties, credit monitoring and computer theft repair, liability and defense costs, including public relations expenses in the event of a cyberattack.

This is an ongoing process: cybersecurity attackers continue to discover increasingly sophisticated methodologies and tools to infiltrate information assets. For this reason, it is essential that real estate organizations continually keep up to date with the latest developments in the field of cybersecurity and ensure that their IT environments are well secured and protected against cyberattacks.

Pulane Dikgole is Associate Director Audit at Mazars in South Africa.

Source link