The real estate sector and cyber attacks

Why would cybercriminals consider real estate companies and REITs valuable targets? Because agents, brokers and property managers handle a wealth of sensitive data, financial information and personally identifiable information (PII) that, if breached, could result in identity theft and criminal fraud.

That data and information is in real estate companies’ and REITs’ files that contain bank account information and PII of property buyers and sellers. Attacks in the real estate industry also target property management companies’ online portals, potentially gaining access to credit and debit card numbers and cardholders’ addresses that can then be used to commit fraud.

In addition, with the ever-increasing Internet of Things footprint — including security cameras, door sensors, HVAC automation, lighting automation and elevator management — potential attack surfaces and types of attacks that could impact safety and security are on the rise.

How hackers do it

As covered widely in the media, cybercriminals frequently use the following types of attacks:

• Phishing: Deceiving individuals into divulging confidential information (e.g., login credentials, credit card details, additional personal data) by sending them an email that looks like it comes from an authentic source (e.g., a bank or mortgage lender). Phishing attacks usually include a link or attachment; when clicked or opened, a hacker gains unauthorized access to steal information and/or money or install malware on the user’s device, allowing deeper access into the victim’s network.
• Social engineering: Tricking users (e.g., by impersonating a client or vendor) into giving away sensitive information or performing actions that can harm their systems’ security.
• Ransomware: Malicious software that encrypts data on a target’s device or devices connected to a target’s device, leaving it inaccessible, and then extorts the user for monetary compensation in return for a decryption code – which isn’t always delivered.
• Denial of service: Overwhelming a website, network or server with traffic, leaving it inaccessible or unavailable to users. Typically accomplished by flooding targeted servers or resources with so many requests that the systems become overloaded and can’t fulfill some or all legitimate requests. Results can include website downtime and loss of revenue.
• Password attacks: Trying to guess or steal weak passwords that can give cybercriminals unauthorized access to systems or data.

How Mazars can help

Mazars’ cybersecurity specialists help organizations in all industries, nationally and worldwide, understand and manage their cyber risk. Our professionals provide a unique combination of foresight, experience and hands-on execution to assist in mitigating risk and protecting your real estate business or REIT.

Whether via cyber consulting, technology audit or cyber managed services, Mazars provides cost-effective custom solutions to address each client’s unique concerns. Our formula for delivering value consists of an experienced consulting team and a dedicated 24x7 security operations center (SOC) that becomes an extension of your business, thereby removing the risk and challenges of building and maintaining an effective security program and hiring difficult-to-find and expensive cyber professionals.

How Mazars can protect your real estate organization

Building a security program

A successful security program begins with the right strategic plan. Mazars consulting services can help ensure an effective plan is in place, putting your organization on a methodical path for security program maturity over time that fits within your budget.

Maintaining an effective security program

Daily security operations can be extremely challenging. Factors such as human resource constraints, expertise, time and technology all contribute to the ongoing challenge of delivering successful security services to the business.

Mazars managed services can significantly reduce this challenge. Our goal is to forge a strategic relationship where we become an extension of your security team, handling your daily security operations tasks and letting you get back to running your business.

Consulting and advisory services

Helping you take control of your costs, efficiency and compliance by integrating security and privacy into your business operations and technology platforms.

We offer:

• Security risk assessments (NIST, ISO, PCI)
• Security audits (SOC2)
• Penetration testing services
• Security and data privacy consulting (GDPR, CCPA, SHIELD)
• Strategic leadership
  • Chief information security officer (CISO) as a service
  • Security expert on demand

Managed services
24x7 security operations service delivery to help transform and mature your security program and capabilities for effective daily security operations and risk mitigation:

• 24x7 managed security/SOC as a service
  • Managed detection and response (EDR/MDR)
  • Managed SIEM
  • Managed vulnerability scanning
  • Managed incident response (IR)

To protect your business, contact us.