Real estate industry ripe for Optus-style hack, but can protect itself
Most of us have heard of the recent Optus hack, which has been described as “the biggest hack in history”. How many in the real estate industry realise that they, just like the telcos, are probably at risk of being hacked?
And when they are hacked, how many will survive the loss of consumer trust and of millions of dollars to massive government fines?
Luckily, there are steps you can take to protect yourself.
In my career, I have worked as chief of staff to the UK House of Commons, as chief executive officer of the Digital Policy Alliance, as adviser and manager with the NSW government and the office of former Premier Dominic Perrottet, and as a consulting cyber security expert for numerous companies around Australia.
In all that time, I have seen few sectors with as many vulnerabilities and opportunities for improvement as the real estate sector.
Don’t just take my word for it. Even the hackers have noticed. In the last half year, offices of two major franchise networks have been hacked. The personal identification and financial information of their clients may have ended up in the hands of criminals.
Data and building systems are all vulnerable
Buyers, vendors, landlords, and renters all have understandable reasons to be nervous about the safety of the personal information for which the real estate industry is custodian.
What puts the real estate industry at such risk? Real estate companies are responsible for an increasingly complex set of networks, which gives criminals numerous points of access.
It only takes one weakness in a large network to compromise the entire system. Hackers have long used simple, connected devices to penetrate the most advanced networks. For example, some of the most significant hacks were made possible when the bad guys first targeted office printers. From there, they were able to gain access to computers and servers and all the data contained therein.
Your own and your consumer data are not the only things at risk. Even without connection back into the main network, if building systems are not properly secured, hackers can relatively easily access them and take them down.
Many buildings today have multiple sensors that are connected to the internet. These include fire alarm systems, automated lighting, security cameras, and so-called “smart devices”. When these have any form of contact with the primary network of an agency or asset manager, the potential for attack increases exponentially.
Hackers across Europe have used this technique to lock building managers out of their own buildings. Without warning, hundreds of devices like light switches, motion detectors, window shutter controllers, and security doors can suddenly stop working.
Almost 40 per cent of the computer systems used to control smart buildings were subject to some form of malicious attack in the first half of 2021, according to one report.
Large fines can put hacked companies out of business
Sometimes, the threat of a large, painful monetary fine helps focus the mind more than the risk of a breach.
That is why the Australian Parliament in November approved a bill to levy massive fines on companies that suffer data breaches. Each hacked company may be fined whichever is largest: $50 million, three times the value of any benefit obtained through the misuse of information, or 30 per cent of the company’s adjusted turnover in the relevant period.
Ask yourself how that sort of fine would affect your ability to remain in business.
You can protect yourself
Luckily, the real estate industry can protect itself. There is no quick-fix panacea to prevent every single cyber attack because attackers are constantly evolving new threats.
However, adopting key security controls now will do a great deal to protect and to assure customers. You can make attacks less likely. Seeing your defences, hackers might decide to seek out less prepared, alternative targets.
At a minimum, real estate businesses must ensure they are working towards alignment with best practice in cyber security, such as ISO 27001. ISO 27001 is the lead framework that businesses are required to audit against, globally, to show their cyber security maturity and progress.
Alignment to ISO 27001 requires a significant effort, but luckily you can step up your cyber defences incrementally. Taking the first step is much better than doing nothing.
At Secure Konnect Cyber, we have developed an eight-point maturity strategy for business. Implementing something like this is the ideal way for businesses to begin their journey to cyber protection.
Cyber threats are a significant and increasing risk, yet much of the real estate industry is unprepared. I encourage you to begin to protect yourself by taking the first steps along the journey to cyber maturity.
Dr Edward Phelps is a director at Secure Konnect Cyber Security