Recent industry changes and technology transformations in the real estate and title industries have ushered in a new era. High-speed automated transactions have emerged thanks to intelligent process automation. Unprecedented productivity and performance improvement are now possible. This transformation is having a huge impact on these industries. Unfortunately, elevated cybersecurity threats have emerged. These threats must be addressed. If not, big setbacks will occur in the gains achieved by investing in new digital technologies.
In May 2019 a real-estate developer stumbled upon about 885 million First American customer data files (source). First American Title was lucky in that the breach was reported. Fortunately, this data was not used to extract ransom or other illicit activity. It was, however, a wake-up call to the title industry that new safeguards were needed.
Data Theft on the Rise
The American Land Title Association (ALTA) surveyed 569 title agents. The survey revealed that 86 percent of the participants said the volume of cybersecurity threats they experienced increased or remained the same last year when compared to 2020 (source). Several factors have caused an escalation of security threats to the industry. Here are five that are having a big impact.
- Insurance Companies Store a Lot of Data – cybercriminals go where the data is. In 2021 the US insurance industry reported a total of $1.4 trillion in net premiums written by about 6,000 insurance companies that employ about 2.8 million people (source). This is a “target-rich” environment for data theft.
- The Title and Insurance Industry is Under Pressure to Invest in New Digital Technologies – consumers increasingly rely on mobile phones for e-commerce, managing financial transactions, and monitoring personal health. Increasing pressure to offer online access to insurance information is creating new risks. This development work must be done securely by professionals well experienced in working with online portals and mobile apps.
- Increasing Reliance on Connecting Devices to the Internet / IoT – this investment occurs across nearly every organization in every industry. Equipment, devices, and other databases are now connected to the Internet. This connectivity enables intelligent decision support. The value of this information extends well beyond a company’s internal operations, so it is a big target for thieves.
- Increasing Value of Personally Identifiable Information (PII) – this data can be used to steal one’s identity for fraudulent purposes. The value of this data on the black market is quite high. Below is a sample of the going rates for this data, as shared by Spirion. Multiply this information by a couple of million records and the payday adds up quickly!
- $1 for Social Security numbers (SSN)
- $1+ for medical records, depending on how complete these records are
- $12-20 for credit card and CVV numbers
- $20 for payment services
- $20 for driver’s licenses
- $30 for the “full” credit card package of name, SSN, birth date, account numbers, voter records, and more
- $1,000+ for U.S. passports
- Increasingly Sophisticated Criminals – with the increasing value of PII, cybercriminals have attracted greater attention and investment within their community to “hone their craft.” Phishing emails are no longer as obvious to detect. Increasing sophistication with how access can be gained is leading to greater concerns by IT security professionals. Threats can come from texts, attachments disguised as a .pdf document, or even legitimate links in a document.
According to an ALTA survey, 46 percent of respondents reported that their employees receive at least one email attempting to change wire or payoff instructions every month (source). These cybersecurity threats are now forcing organizations to conduct more security training with employees to try and curb an increase in data loss.
What Can Be Done?
There is evidence suggesting that while attacks remained elevated, better recovery success rates are being achieved. The ALTA survey revealed that in 2020, 78 percent of the respondents did not recover any diverted funds. But in their 2022 survey, 94 percent reported some amount of recovery and 17% recovered 100% of the diverted funds (source). In the same way that cybercriminals are improving their craft, so too are the forensic data scientists and security professionals tasked with preventing theft and recovering stolen data.
The expression that you are “only as strong as your weakest link” applies to cybersecurity. Thieves will attack your systems, servers, and employee email accounts searching for a “door” to access your data. Once that opening is found, new code can be inserted to provide easy access to steal vast amounts of data quickly.
Legacy IT systems lacking modern security defenses, triggering mechanisms, and the ability to respond quickly as needed are big security threats – a risk that is now a much greater threat. Companies that neglect the required systems and modernization upgrades are placing a bet against a rising tide – a decision that could soon be a big regret!