Cybersecurity

The latest cybersecurity risk? Our homes and offices

Offices are seen at the headquarters of Germany's industrial conglomerate ThyssenKrupp AG in Essen November 18, 2013. ThyssenKrupp, Germany's biggest steelmaker will release its annual results on Thursday. Photo taken on November 18.

Increasingly connected homes and offices face greater cyber security risks. Image: REUTERS/Ina Fassbender

JLL Staff Reporter

Intelligent buildings mean the opportunity for cyber-attacks in the real estate industry has grown.

High-profile corporate attacks have hit the headlines in recent months, exposing the ways in which the property industry is vulnerable to security breaches through everyday systems such as air con and CCTV. And the Internet of Things (IoT) is creating more opportunities for hackers.

The Internet of Things will hit the mainstream by 2020.
Image: Statista

Fishing, vishing, crypto-viruses and ransomware – these all pose huge threats to corporate security if they’re not adequately secured and professionally managed, says JLL EMEA’s Chief Information Officer, Chris Zissis.

“I believe cyber-crime will focus more and more on IoT because it’s a lot more accessible than say SAP or other technical systems. The challenge for IoT security is the same as for any web-enabled technology, such as a smartphone,” says Zissis.

“Property owners and their tenants must do three things: understand the sort of data IoT generates while it monitors and safeguards buildings, work out which data is of value, and get solutions put in by leading security experts to secure that data.”

When security is breached, it’s costly. IBM’s 2015 study on how much a single data breach costs a company put the figure at US$4 million on average per company. And these costs are likely to increase with many more countries adopting statutory requirements for remediation if data protection is deemed inadequate. Where property portfolios are spread across several countries, corporate real estate (CRE) may find it has to comply with multiple mandates.

Then there’s regulatory liability. Not only can hackers steal financial data, but they can steal other kinds of data as well—including consumer’s personal information. In the United States, for example, theft of medical information means the property owner could face a HIPAA (Health Insurance Portability and Accountability Act) violation if a medical office or health insurance tenant is compromised through the building system.

“Laws are becoming much stricter with regards to how companies protect consumer information,” says Edward Wagoner, Chief Information Officer, JLL Americas. “In some countries, your name, email, phone number and physical address are all considered private information and any unauthorized release of this data is against the law.”

Building management systems

Like Cloud, web and mobile, IoT generates both a lot of data and a lot of access. Through its everyday use in intelligent buildings, it merges technical and physical security.

No longer are building management systems segregated from conventional IT networks, such as servers, customer relationship management and online payment systems.

Consequently, systems controlling air con and heating, CCTV and fire alarms, can be hacked to provide entry to data and sensitive information. And vice versa, email or mobile phones can infiltrate the programming of a building’s locking and lighting systems.

Moreover, when hackers attack multiple systems interconnected across several properties, they can gain entry to a host of locations and data.

“CRE needs to realise cyber security is not just an issue for the IT department,” adds Zissis. “It’s not just about safeguarding ‘the perimeter’, as I call it. Everyone needs to be accountable for cyber security. “How people use technology, manage individual buildings and manage investment portfolios directly affects the levels of risk to businesses.”

Reasons behind risks

Potential causes of IoT security breaches point to where education and due diligence are acutely needed.

For instance, facilities managers rarely come from an IT background. Systems themselves have often been designed, supplied and maintained under commercial contracts without cybersecurity protection ever being a top consideration.

Vendors and products are not continually assessed on their cybersecurity. Landlords often fail to fully examine buildings management systems contracts to check who can access data generated, possibly resulting in data breaches that contravene commercial agreements with tenants. Instead technical functionality is often considered the most important criterion.

In addition, often systems operate on legacy technology and the information about how they run is open-source and easy for anyone to access.

Zissis believes real estate firms and CIOs need to put massive education campaigns in place. “Reaction and speed of reaction to any security breach is really important so you need awareness upfront,” he says.

“People need to be able to interpret tell-tale signs that something may be wrong and immediately shut down avenues of entry. This applies to both mobile phones and IoT in the exactly same way.”

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Real Estate

Share:
The Big Picture
Explore and monitor how The Digital Economy is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

How to protect the global supply chain from phishing scams

Blake Darché

November 25, 2024

5 ways to achieve effective cyber resilience

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum