MIT: ‘collision of real estate and IT is coming’

With hackers accessing internet-enabled building devices ranging from heating systems to toilets, panelists at MIT’s World Real Estate Forum offered recommendations to protect real estate companies financially and reputationally.

Most businesses focus on cybersecurity through computer vulnerabilities, such as this month’s malware attack that brought down more than 200,000 computers worldwide. But real estate companies have another major weakness stemming from their physical footprint, panelists at MIT’s World Real Estate Forum in Boston cautioned last week.

As real estate owners incorporate more internet-connected technologies in buildings, ranging from HVAC systems to printers, their susceptibility to cyberattacks likewise increases. One panelist warned that 80 percent of ‘internet of things’ devices – referring to internet-enabled objects – are not secure from cyber issues, with potentially disastrous consequences for real estate owners.

Such attacks have already caused problems for consumer companies, such as the 2014 data breaches at retailers Target and TJ Maxx caused by hackers entering through HVAC systems, and for landlords, in the case of a Swedish apartment building that went without heat for a week after a network hack, a panelist noted.

“The internet of things is here to stay and it’s going to get bigger,” the speaker said. “Now, that collision of real estate and IT is coming. There’s the potential for huge reputational, not just financial, risk.”

One executive recommended that devices only have access to specific ports and parts of the network, “so that it only talks to the things it should,” rather than accessing a building’s entire Internet-connected systems.

Another said his firm uses ‘white hat hackers,’ computer specialists who assess network security, before and after device installation.

Basic computer security measures are also applicable to devices: for example, after installation and at set intervals, IT professionals should change passwords for any relevant systems and keep track of all devices across portfolios.

“Five years from now, even toilets are going to be connected, then hacked – and then your building will be flooded,” if owners fail to take proper precautions, a panelist warned.

Last week, panelists at PERE’s CFO and COO conference in New York tackled the topic of cybersecurity through software risk. They recommended implementing software updates and conducting due diligence for all third-party vendors, among other tips.