More than a third (39%) of UK firms suffered a cyber attack last year, according to the government’s 2022 Cyber Security Breaches Survey. A surge in high-profile cyber attacks means cybersecurity has become a primary concern for businesses across all sectors, and property is no exception.
The property sector has undergone huge digital transformation in recent years spurred on, in part, by Covid-19, as well as the rapidly growing proptech market, which it is estimated will grow from a current valuation of £14.4bn to £68.3bn by 2032.
While the adoption of technology has had a significant impact on the property industry, it has also made it a target for cybercriminals seeking to exploit vulnerabilities – so much so that companies have come to accept that a cyber breach is a case of ‘when’ rather than ‘if’.
The volume of high-stake and high-value transactions made in the sector, driven by the real estate boom of the last decade, has created more opportunities than ever for cybercriminals to exploit.
Long supply chains made up of unfamiliar organisations and individuals, combined with pressure on staff to complete transactions quickly, means the real estate sector has become more prone than ever to employees clicking on seemingly innocent links or attachments.
These sophisticated emails, from organisations posing as lenders or similar organisations, are the root cause of countless property companies losing hundreds of thousands of pounds or giving access to critical personal or business information.
But it is not only against cybercriminals that companies operating within the property sector are having to protect themselves. One of the biggest threats facing real estate today is insider threat.
The property sector holds lots of data on financial transactions, personally identifiable information and personal finance information, making it a target for malicious insider threats – typically stemming from employees leaving on negative terms and seeking to put organisations at risk by wiping data, taking down critical systems and stealing sensitive data or intellectual property.
In response to the pandemic, the property sector saw a surge in remote working and businesses rapidly turning to tech solutions to improve accessibility and mitigate disruption. Shortly after, the market witnessed a boom in new technologies, with businesses eagerly investing in new proptech solutions to remain competitive and drive down costs.
However, the downside of this progress is that it renders data more vulnerable to hackers where appropriate security controls are not being implemented, managed and maintained. Furthermore, as the number of staff handling data grows exponentially, ensuring the security of their devices while working remotely becomes paramount.
The impact of a cyber breach can be long lasting if not dealt with swiftly and appropriately.
The reputational and financial damage alone can be a significant challenge, on top of the general disruption it causes.
Adopting basic cyber hygiene principles can help property businesses easily navigate the complexities of cybersecurity and protect themselves from a potential attack. Some key activities include risk assessments, penetration testing and vulnerability management, regular user awareness training, robust threat detection and response systems, incident response planning and back-up and recovery operations.
In a continuously evolving cyber landscape, the industry must remain mindful. With a fine balance of people, processes and technology working together, there are ways to protect ourselves against cyber attacks.
Matt Dowson is cybersecurity lead at IT company iomart