In the fast-evolving landscape of the real estate and title insurance industries, the digital transformation has brought unprecedented convenience and efficiency. However, this shift towards digitization has also opened new avenues for cyber threats and vulnerabilities. Over the past 12 months, several cybersecurity trends have emerged that pose significant risks to the title insurance and real estate sectors.
Cybersecurity threats are certainly nothing new. Read this article we published about a year ago, 5 Reasons Why the Title Industry Now Faces Elevated Cybersecurity Threats.
Top Cybersecurity Trends
1. Data Theft and Access Control
The value of customer data has increased exponentially. With this surge in value has come increased theft leading companies to pay big penalties. Government regulatory agencies impose fines if proper protocols are not adhered to or if risk management strategies are inadequate. The Federal Trade Commission just amended its rules last month. Non-bank financial services firms will soon need to report data breaches involving more than 500 customers. The SEC is also just weeks away from enforcing new incident disclosure requirements for publicly-traded companies (source). This includes title and real estate companies.
First American Title discovered a data risk vulnerability in May 2019. It allowed anyone with access to a link to see their documents and gain access to other users’ documents without the need for authentication. It is estimated that this breach potentially exposed 885 million documents. The information included sensitive data like Social Security numbers, driver’s licenses and tax and banking information.
The investigation found the company failed to maintain effective governance and classification, proper access controls and risk assessment policies. The New York State Department of Financial Services reached a $1 million settlement with First American Title Insurance Company. The settlement was tied to violations stemming from a 2019 data leak. First American also agreed to pay implement measures to better secure customer data.
2. Ransomware
During 2023 ransomware attacks have become more sophisticated and targeted, affecting businesses across various sectors. Real estate and title insurance companies, holding vast databases of sensitive information, are attractive targets for cybercriminals seeking hefty ransoms. These types of cybersecurity trends are often understated given the incentive to not report. No company is eager to announce they paid a ransom to regain access to critical data or systems. As a result, the crime is most likely under reported.
This month hackers breached the systems of Florida-based Fidelity National Financial, the parent company of Chicago Title. This attack led to delays in closing real estate deals and affecting home sales in the Chicago area, Crain’s reported.
This incident marks the second attack on the Chicago-area real estate industry in recent months. Unlike the August attack that affected agents’ ability to market listings, the current hack disrupts the transaction process, in which funds and financial information are exchanged. The ransomware group Alphv/Black Cat has claimed responsibility for the hack (source).
3. Supply Chain Attacks
The interconnected nature of the real estate ecosystem makes it susceptible to supply chain attacks. Cybercriminals exploit vulnerabilities in third-party services and suppliers, compromising the integrity of transactions and sensitive data.
Last year bad actors leveraged a cloud video hosting service. Their plan was to carry out a supply chain attack on more than 100 real estate websites. The sites, operated by Sotheby’s Realty, were injected with malicious skimmers to steal sensitive personal information (source).
4. Phishing Proliferation
With the rise of remote work, phishing attacks have surged. Real estate professionals, often dealing with large financial transactions, are prime targets. Sophisticated phishing schemes can trick employees into revealing sensitive information or wiring funds to fraudulent accounts. Compounding matters further, these cybercriminals have gotten better in their craft. Phishing emails or texts are not as obvious of a threat anymore, which is creating havoc for every organization.
5. Insider Threats
Employees with access to critical systems always pose a significant threat. Whether intentional or unintentional, insider actions can result in data breaches. The real estate industry, with its reliance on vast amounts of sensitive data, is particularly vulnerable to insider threats. According to a recent research report, insider threat incidents have risen 44% over the past two years (source). The cost per incident has increased by more than a third to $15.38 million. The report shared other research findings, including:
- The cost of credential theft to organizations increased 65% from $2.79 million in 2020 to $4.6 million at present
- The time to contain an insider threat incident increased from 77 days to 85 days, leading organizations to spend the most on containment
- Incidents that took more than 90 days to contain cost organizations an average of $17.19 million on an annualized basis
6. Emergence of Deepfakes
Deepfake technology has advanced, enabling cybercriminals to create convincing fake videos or audio recordings. In the real estate context, this could lead to fraudulent transactions, with deepfakes deceiving parties involved in a deal. Artificial Intelligence is driving cybersecurity trends that are creating a bigger challenge to overcome. The National Association of Realtors published this list of how deepfakes could be used in the Real Estate industry. Here are three examples (source):
- AI can create fake listings, like fraudulent rental ads, to defraud consumers
- Deepfake videos can trick agents into taking listings or writing virtual sales contracts for properties that don’t exist or are not representative of the actual condition of the property
- AI can create fake reviews or video testimonials for real estate agents or brokers – fraudulent reviews may convince consumers or other real estate pros to work with agents who have ethical, disciplinary, or criminal issues
Mitigating Risks: Three Crucial Steps
Invest in Robust Cybersecurity Solutions
To counter the surge in ransomware and supply chain attacks, real estate and title insurance companies must invest in cutting-edge cybersecurity solutions. Implementing advanced threat detection, encryption, and secure communication channels can fortify defenses against evolving cyber threats.
Employee Training and Vigilance
Given the prevalence of phishing attacks and insider threats, comprehensive training programs for employees are paramount. Educating staff about the latest phishing tactics and the importance of secure data handling can significantly reduce the risk of inadvertent data breaches.
Regular System Audits and Updates
Conducting regular audits of IT systems is essential. Identifying and patching vulnerabilities in a timely manner can prevent exploitation by cybercriminals. Additionally, transitioning from legacy systems to modern, regularly updated platforms enhances security by eliminating outdated software and hardware vulnerabilities.
The Imperative of Modernization
In the ever-evolving landscape of cybersecurity, the importance of modernizing IT systems cannot be overstated. Legacy systems, often characterized by outdated software, limited security features, and a lack of ongoing support, are more susceptible to cyber threats.
Vulnerabilities of Legacy Systems – Legacy systems, designed in a different era of cybersecurity, lack the sophisticated defenses required to withstand modern cyber threats. Their outdated architecture often includes security loopholes that can be easily exploited by hackers.
Employee Training Challenges – Training employees on the intricacies of outdated systems can be challenging. Legacy systems are often more complex and less intuitive, making it harder for employees to understand and adhere to security protocols. This knowledge gap can inadvertently create vulnerabilities.
Compliance Concerns – With the ever-expanding landscape of data protection regulations, legacy systems may struggle to meet compliance standards. Non-compliance not only exposes companies to legal consequences but also increases the risk of data breaches and reputational damage.
One of the biggest challenges in staying ahead of cybersecurity trends is our human nature to dismiss attacks. Or, that we have become numb to them – leaving us vulnerable to a future attack. Real estate, title, and every other organization must proactively address the evolving cybersecurity landscape. By acknowledging and responding to current trends, investing in robust cybersecurity solutions, prioritizing employee training, and modernizing IT systems, companies can fortify their defenses against cyber threats.
The imperative of modernization cannot be overstated. Legacy systems, while once reliable, are now liabilities in the face of sophisticated cyber threats. As the digital landscape continues to evolve, embracing modern technologies and processes is not just a matter of staying competitive but a crucial step in safeguarding the integrity and security of real estate transactions in our digitally connected world.