Connected build technology has become increasingly beneficial to commercial real estate owners, as they can control lights, thermostats, security camera systems, locks and more over the Internet. These solutions became even more critical to CRE owners during the COVID-19 pandemic because they could serve tenants without having to meet in person. Unfortunately as connected building technology and IoT (Internet of Things) have become more commonplace, hackers have become more enticed to break into these systems and cause havoc, Bisnow reports.
Part of the issue is CRE owners and property managers have had their hands full just keeping their buildings going during the pandemic. Staying on top of IoT security protocols is another layer, they just aren’t prepared to handle, Institute of Real Estate Management (IREM) President Chip Watts told Bisnow.
“There are so many different items out there right now that can be hacked and be a concern for security,” Watts said. “[The pandemic] has forced property managers of the world to embrace this technology faster than anyone imagined. We would have anticipated [we were] three-to-five years from embracing this technology as much as we have.”
Connected buildings trend is only getting stronger
If revenue figures are any indication, IoT solutions will continue to become more prominent in the CRE industry. Smart building research firm Memoori said the IoT market increased in revenues from $34.8 billion in 2017 to $42.8 billion in 2019, Bisnow reports. The market is expected to increase to $82.4 billion in revenues for IoT providers in 2022. Memoori also estimated that there were 1.7 billion connected devices installed in buildings around the globe by the end of 2020 and that number will approach three billion by 2025.
Such a significant increase in IoT solutions means CRE owners will have to get a better handle on how to keep their buildings’ networks secure. Approximately 26% of all cybersecurity-related issues occurred because of unsecured connected smart devices, according to private management research firm Ponemon institute.
“What I find is the clients don’t have a strong enough set of radar to understand the level of risk that they’re confronting,” Kenneth Citarella, senior managing director of investigations and cyber forensics at Guidepost Solutions told Bisnow. “It always seems to be the other guy’s problem,” “People still like to operate under the presumption that ‘I’m safe until I’m proven not to [be].’”
What’s at risk for CRE owners
If a device is connected to the Internet, it can be hacked. In 2013, hackers got into Target stores’ HVAC systems and eventually the retailer’s main network when it stole more than 40 million customers’ credit and debit card information. Meanwhile Microsoft alerted industry leaders in 2019 that Russian-backed hackers were trying to break into large companies systems through their online printers or VoIP phones. A hacker in Finland used an aquarium’s remote thermometer to get into a casino’s mainframe. Unfortunately, when a security measure is put in place to protect an online in-building network, there’s a hacker that finds a way to sidestep it.
“It’s a race. Like there was the [arms] race. There’s a cyber race,” Kevin Kornegay, an IoT security professor at the Cybersecurity Assurance and Police Center at Morgan State University said. “And it’s tit-for-tat. And the consumer is stuck in the middle, kind of in the crosshairs.”
CRE owners must prioritize building cybersecurity
Commercial real estate buildings were becoming “smart” at a rapid pace even before the COVID-19 pandemic. The IoT trend is now accelerating due to the pandemic—a 2020 Vodafone survey showed that 76% of the companies surveyed said COVID-19 sped up their IoT adoption plans, Bisnow reports. Meanwhile 79% of respondents said they’re creating IoT projects because of the pandemic. While it’s great that building owners are embracing IoT, it doesn’t help tenants much if wireless solutions are not secure. The key now is for CRE owners to be proactive intaking security measures, rather than just reacting after a hack occurs. Right now, many are not prepared for how exposed the devices they’re deploying in their buildings are to potential hackers.
“A lot of what we’re seeing is reaction,” Prescient Managing Director and cybersecurity consultant Alex White told Bisnow. “Organizations have grown to pandemic-style remote work environments, but they don’t know what they really need other than what is required.”
IREM is working to ensure its members are prepared by offering IoT security education, but that’s challenging because a lot of property managers have been focused on keeping tenants safe from COVID-19.
“A lot of our members, they’re not IT people. It is a matter of education,” Watts said. “I wouldn’t say we’re behind the ball. I would say that a lot of our property managers are busy on a day-to-day basis. Once COVID hit, our membership literally went to 24/7 dealing with residents and tenants.”
Ensuring a safe return to buildings following the COVID-19 pandemic will remain a priority, but cybersecurity also must remain high on that list too. Especially as CRE owners make IoT devices one of their building amenities. Keith Mack, director of Regent Partners Development, understands the importance of network security as his company is developing a pair of hotels and exploring room features that guests’ smartphones can control.
“We didn’t have (cybersecurity) as a point of focus,” Mack told Bisnow. “We knew that hacking and cybersecurity was an issue, but it wasn’t a point of focus. Going forward with an office building, especially with new office buildings, Internet security is going to be more prevalent. In the past, it was an afterthought. You get Norton 360 and then you move on.”
Joe Dyton can be reached at firstname.lastname@example.org.