Hackers are constantly refining their approach. With large financial transaction sizes, real estate organizations are now in the cross hairs from hackers looking for a quick score. Real estate organizations have been seen as vulnerable, due to large transactions and the lack of “federal law requiring real estate businesses to implement information security programs to protect information and systems,” says Gregory Stein, writer at the National Real Estate Investor. There is no regulation demanding that real estate companies maintain compliance, unlike other industries with sensitive information such as healthcare providers. Therefore, many real estate companies traditionally haven't taken significant measures to ensure they have a sound cybersecurity posture.
In fact, according to a recent report prepared by KPMG, “50 percent of surveyed businesses in the real estate industry believed that they were not adequately prepared to prevent or mitigate a cyber-attack.” This leaves real estate organizations incredibly susceptible to cyber-attacks through faked business emails (phishing attacks), ransomware, and cloud computing.
Business email compromises (BEC) are one of the most common ways real estate firms are being cyber-attacked. They are one of the most difficult forms of hacking to detect, because an email is sent through a spoof account that appears to be coming from C-suite executives as well as escrow agents. The FBI has determined that “there have been over $3 billion of losses attributable to BEC,” says Gregory. Ransomware and malware are also techniques hackers have been using more commonly to target the real estate industry. Ransomware encrypts data on a computer that will make the information unavailable until the ransom is paid.
According to Stein, “Ransomware attacks were up 50 percent in the first half of 2017 and the profitable economics of the business model mean it will likely remain a favorite choice for cyber criminals.” Lastly, malware has made an impact on multiple real estate companies, stealing personally identifiable information with the intent of committing identity fraud and to gain access to bank accounts.
Building a cybersecurity program is the first step to take precautions against these forms of hacking and is crucial to keeping your company and your clients protected from cyber-attacks. Apptega's real estate clients leverage frameworks like the CIC Critical Security Controls (formerly SANS Top 20) and the NIST Cybersecurity Framework that define specific controls for Cybersecurity Awareness Training, Ransomware and Phishing. These organizations then customize programs to meet the unique needs of the real estate industry. Even without compliance regulations like HIPPA or PCI, Apptega customers build strong cybersecurity programs that address the unique requirements of the real estate market.
Let Apptega help you build, manage and report your cybersecurity program, so you can focus on "buying, selling, and managing" real estate with peace of mind. If you would like to learn more, please sign up for a demo or trial today.