Skip Ribbon Commands
Skip to main content

Real Estate and Construction Cyber Security Case Study


Keeping SMART Buildings Cyber Secure

While smart buildings are increasing efficiencies as well as providing in-demand services for more connected customers, breaches to internal building networks are an emerging risk real estate developers need to acknowledge and manage.

The Challenge

A leading Canadian commercial real estate developer with interests across North America and Europe wanted to assess how vulnerable their properties were to cyber security breaches in their building networks.
The innovations in the so-called smart buildings served to streamline services, enhance processes and reduce operational costs but the client did not have a clear understanding of their security posture. The client wanted to understand and identify potential cyber security gaps in the various systems connected to the building network and drive strategies to develop standards to effectively protect critical infrastructure.
They selected MNP’s Cyber Security team to perform an internal penetration test against the internal building networks, based on our deep expertise and experience, ability to work with third-party vendors and willingness to complete the project during after-hours and tight timelines during a busy holiday season.

Our Approach

MNP’s Cyber Security team performed penetration tests during after business hours to attempt to access sensitive systems and escalate privilege. In other words, our team mimicked potential malicious attackers, identified weaknesses and broke through a number of systems, including access card and security camera systems. Direct contact information was provided to each site team and regular communication was established during the multi-day process to ensure both rapid escalation and remediation of significant issues. In one instance, a weakness in the network resiliency was identified when the entire smart building infrastructure network crashed during a routine vulnerability scan. Other vulnerabilities, both human and system-related, were identified during the process.

The Outcome

MNP produced detailed penetration test reports for each property and delivered an executive-level presentation to senior leaders to increase their understanding of the company’s security stance. We recommended establishing strategic coordination of external vendors as well as establishing dedicated IT manager / coordinator to address security integration and deployment.
The developer also completed follow-up work to review their security policy, resulting in increasing cyber security visibility for both the corporation and its third-party service providers.