The real estate sector should prepare for a rapidly escalating onslaught of online attacks by hackers employed by organized crime, according to a top cyber-security expert who spoke at ULI’s 2016 Fall Meeting in Dallas.
Hemanshu Nigam, chief executive of SSP Blue, a security consulting firm, and a former federal prosecutor specializing in computer crime, said that while the industry has not yet been hit by catastrophic data breaches of the sort that have plagued companies such as Yahoo and Target, nobody with an online presence can rest easy.
“Even the Pentagon has 1 million attacks per day,” said Nigam, who has also worked as a security executive for companies such as Microsoft and News Corp. He was part of a panel discussion on reducing vulnerability, which also covered burgeoning risks to society from threats such as epidemics and food insecurity.
Online intruders, who are out to steal from companies any information that can be resold on the so-called dark web, are victimizing 30,000 websites daily, he said. In addition to trying to ransack corporate databases, criminals sometimes implant malware that allows them to break into the computers and other devices used by people who visit compromised sites.
Another potential point of vulnerability is the real estate sector’s increasing reliance on wireless devices that are part of the “internet of things,” which increasingly is used to control lighting, power, and heating systems in commercial buildings. If the wireless networks that link such devices are not adequately secured, they could be taken over by hackers, Nigam said in a brief interview following the panel discussion.
Nigam painted a disturbing picture of the extent to which the internet already is controlled by criminals, whom he said are responsible for 80 percent of online attacks. The remaining 20 percent include intrusions by foreign intelligence agencies and governments waging cyber-warfare, and individual hackers who simply enjoy the challenge of cracking security systems.
But while the security expert did not minimize the danger, he said that companies could protect themselves by building multiple layers of defenses against online attacks. That way, even if an intruder manages to penetrate a corporate network, the criminal may be frustrated when he or she discovers that potential digital loot such as databases and email also are protected by encryption.
Nigam compared effective online security to the offline measures that hotels and resorts use to protect guests, such as the safes that they provide inside rooms to protect valuables, and electronic access controls that prevent nonguests from moving freely around inside the facility.
“You can put a deadbolt on the door,” Nigam explained. “You can also put a deadbolt on a database. Look at the way that you’ve done this for years in the physical world.”
For businesses that are unfortunate enough to suffer major breaches, internal chaos often ensues, Nigam said. That is because internal stakeholders sometimes have clashing interests that make it difficult to mount a coherent, coordinated response. “To a company’s chief financial officer, for example, the loss of sensitive data means ‘messing up my reputation, and deals are headed south.’ Meanwhile, the legal department is saying, ‘Shhh, don’t tell anybody, because we will get sued.’ And the chief executive officer is saying, ‘Why are you working here if you can’t fix this? You’re the CSO [chief security officer].’ ”
Another panelist, infectious disease specialist Dr. Binh-Minh “Jade” Nguyen Le, warned of the growing threat to tourism and the hospitality field from viruses such as Ebola and Zika. Dr. Le, who works at the University of Texas Southwestern Medical Center, said that in the developing world, deforestation and increasing migration of rural dwellers into congested urban slums were facilitating the spread of dangerous viruses. Globalism and jet travel then enable those diseases, which once were limited to isolated areas, to quickly spread to affluent industrialized nations, including the United States.
To compound the problem, climate change is making it easier for viruses to replicate, and increasing the breeding habitat and territorial range of mosquitoes, which spread many illnesses. “We humans have created the perfect viral weapon in the mosquito,” Dr. Le said.
To cope with the disease risk, it is crucial for the United States and other countries to invest in disease surveillance systems and an aggressive public health response. But the most effective solution would be to eradicate poverty in the developing world, and improve sanitation and medical care for people there, she said.