Cyber-Risiken in der Immobilienwirtschaft


Cyber Risks Threaten Real Estate

Dr. Peter Staub 18.08.2017

The digitalization has reached every area of life – and holds numerous risks, which are impossible to determine in detail today.

About half of all German enterprises had become victims of cyber crime within the previous two years, according to a 2015 Bitkom survey. Data theft, economic espionage or sabotage cause damages of roughly 51 billion Euros per year. At this year’s World Economic Forum, the major top risks of digitalization have been identified: Negative consequences of the technical development, i.e. within the realms of artificial intelligence, geo-engineering, or synthetic biology can cause human, ecological and economic damage.

The co-dependency of relied computers increases the vulnerability of an outage of critical IT structures like the internet, satellites or networks. Large scale cyber attacks and malware cause immense economic damage, geopolitical tensions and a loss of trust concerning the internet. Finally, data fraud and theft of private and public data lead to illegal use in a unprecedented manner.

Real estate are increasingly equipped with digital technology, as a variety of digital services are provided for renters and users, whereas integrated digital processes are used for planning, construction and management. Real Estate are becoming integrated and integral Cyber Physical Systems (CPS), which adapt to and foresee environmental impacts and manage to steer building management systems concerning the occupancy rate or the user behaviour, for example.

A Welcome Target for Attacks

The blessings of the digital technologies are at a same time their curse, since they are all based upon mobile and cloud computing and therefore represent a welcome target for attacks of cyber criminals. Investors, owners, constructors, managers and facility managers are therefore facing another very difficult task, apart from the big challenge to adequately apply the new technologies: The have to ensure the digital protection of their real estate, renters and users. Thus, they need to recognize the risk and dangers, before planning and rigorously implementing the corresponsive countermeasures on a organizational but also technical level. Part of this is the sensitization and training of the employees and the good protection of the system integrity, demanding a high level of security. Quarantine zones make part of such protection measures, just as wallet-garden-systems, classification of data, isolation of network areas containing sensitive data from the Internet and strict access rights. As a precautionary measure as well as for the controlling, a network traffic monitoring plus a comprehensive business continuity management are recommended. According to multiple studies, up to 95% of all security relevant dangers can be attributed to unconscious human errors, for instance the erroneous configuration of a firewall or a server set up. Deliberate interruptions of digital systems like hacker attacks from individuals on software and computer have rapidly increased. For instance, phishing attacks have become popular on online real estate sites for renting and selling: The fraudsters use infected websites for the publication of false advertisement for available apartments. Worms or viruses like Stuxnet, Flame or Shamon fall into this category. They were specifically developed to attack building management systems and take over control. Another example are illegal accesses to the steering of parking lots, parking reservations, lights systems and even barriers, in order to continually track the presence and absence of employees.

Apart from human beings, digital risks can also be caused by purely technical reasons. Real estate feature multiple heterogenic technologies of various degrees of maturity. Sensors with an insufficient life cycle, faulty data transfer and similar problems may lead to situations that can cause damage without a human intervention. Or in the area of Big Data, mortgages or apartments may be unjustly contracted out because of personal profiles. A large problem especially consists in the lack of binding standards: Many systems are not compatible with each other, sensors and appliances cannot exchange their data, therefore confusion becomes unavoidable.

Collaborative Risk Management

The digital danger list of the real estate business is becoming longer and longer. In order to more or less control the classification, assessment and evaluation of dangers according to different criteria, the use of a software application is recommended. Cyber crime is highly dynamic, the dangers constantly change and new threats appear permanently. The collaborative risk management is therefore helpful, i.e. the assessment of risks of various actors within an organization and the subsequent comparison with other market players. The findings and the experience of many parties concerned can increase the early detection and minimize the damages.