solicits the general opinions of one cybersecurity firm with eyes keenly affixed on realtors and building managements in the region.

Real estate businesses possess sensitive data such as information pertaining to high-value banking information, addresses and contact details.

To prevent the breach of such sensitive information, the industry—along with many other sectors—must prioritize network and cloud security in its infrastructure.

In Asia, the cybersecurity situation has unique in some areas, which CybersecAsia discovered when interviewing Sonit Jain, CEO, GajShield Infotech.

Sonit Jain, CEO, GajShield Infotech

CybersecAsia: What is the cybersecurity awareness level of real-estate companies in Asia?

Sonit Jain (Sonit): Asian companies are more vulnerable to cyberattacks due to their lack of preparation. Statistics show that hackers are 80% more likely to attack organizations in Asia mainly due to the lack of strong cyber-regulatory environments and sufficient investments in cybersecurity across the region (in general).

Also significant is the region’s shortage of cybersecurity talent: Some 42% of HR professionals surveyed have predicted a shortage of cybersecurity professionals.

Finally, Asian companies spend relatively less on information technology security and take almost twice as long to respond to a data breach compared to global competitors, paving the way for cybercriminals and state-sponsored actors (advanced persistent threat actors or APTs)to target the weaker parts of the region.

CybersecAsia: Since the real estate business involves high finance, what are the key factors that stop realtors from being cybersecurity-centric? 

Sonit: Attribute it to an ever-widening gap between reality and perception. Insufficient defenses against a growing attack surface are the reasons why realtors in the region (in general) are not keen on investing more on cybersecurity, in my opinion.

CybersecAsia: While the concepts of smart buildings and smart homes are evolving, how secure are the buildings?

Sonit: Smart buildings are protected against cyberattacks on their operating systems. Secure elements are implemented using integrated hardware-based security solutions that protect the confidentiality, integrity and authenticity of information and devices, thereby protecting the individual privacy of occupants.

Network communication technology and embedded micro-electromechanical technologies have received much attention. Many can integrate various devices that can ultimately improve detection, identification and communication capabilities in intelligent systems in smart buildings.

AI-based systems play an important role in realizing the five main perspectives of energy optimization in smart buildings: occupant, comfort, security, design and maintenance.

CybersecAsia: What vulnerabilities are more pervasive in the region’s real estate sector? 

Sonit: The real estate industry is responsible for a large number of financial transactions involving confidential information. With a vast amount of their sensitive data in the Cloud, the industry is fair game to hackers.

Facilities and their cleanup are not the only issues real estate agents tolerate. Industry-wide, the following are popular types of attacks that hackers launch against real estate and lateral industries: 

  • Business email compromise 
  • Ransomware 
  • Cloud service provider vulnerabilities

CybersecAsia: How can the industry prevent cyberattacks in third-party cloud services?

Sonit: Although not conventionally linked with high-risk industries like healthcare, finance, or manufacturing, the real estate industry in the region still witnesses a fair share of cybercrime. Considering the massive amounts of finances and personal data involved with many real estate transactions, it is easy to envision how real estate companies could become easy targets.

Like most enterprises, real estate businesses also make use of cloud-based database storage and computational resources to stockpile confidential data and uphold business continuity. This is because resorting to third-party-provided cloud-based services can be cost-efficient for real estate as they facilitate them to save thousands generally spent on producing a full-fledged IT infrastructure.

Cloud data security tools by third-party services will help a dynamic industry like real estate maintain constancy and will empower businesses to scale their operations across public or private cloud settings without stressing about data breaches or other cyber-attacks.

While such services may be protected to a certain extent, making use of a tailored cloud security infrastructure will make them more secure against malicious threats. These services will aid in cyber recovery through well-organized data backups in times when customer or property-related information is unintentionally inaccessible or if stolen and ransomed by cybercriminals. 

CybersecAsia: Can you suggest some top 5 cybersecurity best practices for real estate firms in Asia?


  1. Understanding cyber risk exposure 
    • Industry and sector benchmarking exercises
    • Risk quantification, mapping and modeling
  2. Strengthening of internal capabilities 
    • Protection of infrastructure and network security 
    • Talent management (i.e., attracting and retaining cybersecurity experts) 
  3. Improving cyber-analytics 
    • Leveraging threat intelligence 
    • Vulnerability management
  4. Manage the impact of incidents 
    • Impact mitigation 
    • Crisis management
  5. Minimize business disruption 
    • Incident response plans 
    • Strategic risk transfer plans