• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Housing Technology logo

Housing Technology

Housing | IT | Telecoms | Business | Ecology

  • Free Subscription
  • Search Archive
  • Home
  • Research
  • Magazine
  • Events
  • Recruitment
  • Blog
  • On Demand
  • Contact
Home / Free Subscriber Access / A clear and present danger

A clear and present danger

For many boards and executives, cyber security is a matter for the IT crowd. It’s mildly interesting, and we read the news with mixed horror and fascination about ransom attacks on large companies. It’s probably there somewhere on the risk map and gets occasional attention from the risk and audit committee. But recent events have surely pushed cyber security right up the governance agenda. Housing providers, charities and local government have all been hit by ransom attacks. Others have experienced serious data breaches, sometimes without any malign external agency – unforced errors, as it were.

As it turns out, the first ransom attack was in 1989, using floppy disks. The risk of an attack has risen ever since and quadrupled in the last decade, not least because of certain authoritarian states which sponsor, or at least tolerate, cyber crime. A few weeks ago, the entire health system in the Republic of Ireland was affected by an attack. For some companies, cyber crime has proved an existential risk, with insolvency the eventual consequence.

Weapons of war

On the international stage, cyber attacks have effectively become a weapon of war – just remember the Israeli sabotage of the Iranian nuclear programme. It’s even conceivable that an attack could bring down a major financial institution or, in an extreme case, the entire financial system. To make it more personal, how much would you pay to be released from imprisonment in your smart car or even from your smart home?

The consequences of an attack can therefore be serious. Lives could be lost. Paying the ransom might turn out to be the lesser of various evils, and some UK and other firms have already paid vast sums in cypto-currency ransoms. Personal data can be lost or abused, with business processes disrupted for weeks or even months. Litigation can often follow. The costs and disruption can be huge. And the risk is not just to organisations, but to tenants and service users as well.

A global dark industry at work

Cyber crime has become a global dark industry, alongside illegal drugs, people smuggling and extortion. It is parasitical, remorseless and powerful. Annual ‘turnover’ may be as much as $20 billion, although that is hard to quantify for obvious reasons. As with any other industry, there is assiduous attention to branding; we have all now heard of ‘SolarWinds’, ‘NotPetya’, ‘SoBig’, ‘WannaCry’ and many more besides. And the pandemic, with so much remote working, has opened up new vulnerabilities which have been eagerly exploited.

The key point here is that there can be no fully-effective protection from attack. Precautions are important, of course, but there are many points of vulnerability, some of them inherent in the software systems we use. Human error and corner-cutting add to the risk and can never be eliminated completely. It’s therefore necessary to assume that every organisation may be affected at some point in the future and perhaps held to ransom for its data. Several of our clients, in housing and other sectors, have already been affected in various ways.

What’s to be done? First of all, every housing board and their relevant committees need to give this their full attention. To do this, they will need access to deep expertise. Indeed, it’s becoming highly desirable, if not essential, to have such skills represented among non-executives. Leadership skills are also important; more and more organisations are creating executive-level posts for the chief information officer. Relentless curiosity, scrutiny and questioning need to become the order of the day.

Assume the inevitable

We must assume that cyber crime will happen to us one day. So part of the agenda should be about preparing for such an event; there is some excellent guidance in earlier editions of Housing Technology about the best ways of reacting once the enemy has already breached the outer walls. And don’t use emails to communicate about it – the enemy can read them!

Strong defences should help, but the hackers are smart and well resourced; as the saying goes, it’s more fun to be a pirate than a coastguard. Now is the time to start thinking about back-ups and contingency plans. It would be a good idea to ‘war game’ some scenarios at governance and operational levels. For example, if all of your data were held to ransom and you had to start again from a back-up that was, say, two-months old, how would you go about achieving that? It’s not easy going back now to the Jurassic era of index cards. Ideally, if your data were held to ransom, you would be able to resist the extortionate Bitcoin demand and get back in business relatively quickly, with expenditure and disruption contained within reasonable levels.

It’s about governance, not IT

For boards and risk committees, there are some important questions to consider. One obvious one – are your cyber defences as good as they can be? It may be worth getting some external agency to test them, trying to simulate a hacker attack. A strong and compliant organisational culture is another important line of defence, and this has also been well discussed in previous articles in Housing Technology. However, it goes beyond just your own defences; you also need to consider those of your suppliers and third parties, such as your maintenance contractors with access to some of your systems. Third-party software systems can also be a problem, such as those used for mass mailings.

Another area for attention is that of insurance. After a ransom attack, dealings with insurance companies often becomes contentious because they inevitably look for reasons not to make good the losses. It’s well worth looking at the detail of the relevant policies and also at the track record of your insurance provider in dealing with other clients. As an aside, a recent high-profile victim of a successful ransom attack was in fact one of the major insurers covering cyber risk – and they had to pay up!

Governance bandwidth

The over-riding message here is that this important subject now deserves serious governance bandwidth, based on having access to the necessary expertise and advice, so that proper scrutiny can be done.

The enemy is powerful, well-resourced and busy scanning advanced economies for easy targets. They are the wolves and we are the prey. Housing providers haven’t yet been the main focus but could easily become so.

Now is the time to prepare, test and scrutinise. Yes, it may never happen, but if and when it does, you must be as ready as you can. The danger is indeed clear and present.

James Tickell is a partner at Campbell Tickell.

See More On:

  • Vendor: Campbell Tickell
  • Topic: Infrastructure
  • Publication Date: 083 - September 2021
  • Type: Contributed Articles

Primary Sidebar

Most Recent Articles

  • Free cyber-defence tools from NCSC
  • Learning from history
  • Grand Union Housing gets connected with Aico HomeLink
  • The silences in the system: Predicting and preventing damp and mould
  • Looking back and to the future: Cyberthreats in social housing
  • Hyde signs repairs contract with Totalmobile
  • Fuelling high performance automation
  • Morgan Sindall’s Carbon Zero decarbonisation tool
  • An ethical approach to arrears
  • Housing and the ever-evolving workplace
  • Supporting residents with home safety risks
  • Less innovation & more service design at RHP
  • Ateb Group outsources IT help desks to Central Networks
  • Capital Letters partners with Evo Digital to tackle homelessness
  • Calico appoints M247 for digital transformation
  • 24/7 care requires 24/7 technology
  • Govtech trends for 2023
  • Are you ready for business process automation?
  • Lincoln council moves to the cloud with Civica
  • Why do IT business improvement projects fail?
  • Flagship and Ebrik launch augmented reality app
  • Following the golden thread
  • Setting the standard for carbon-monoxide protection
  • The business case for data
  • Digital twins – When, not if…
  • Using data to build communities
  • The cyber-security jigsaw’s missing piece – Managed detection & response
  • Cyber-security challenges in housing
  • Digitalising retrofits with SHDF & HomeLink
  • Tips for improving care and support

Footer

Housing Technology
  • Instagram
  • LinkedIn
  • Twitter
  • YouTube
  • Contact
  • Free Subscription
  • Book an event
  • Blog
  • Search All Articles
  • Research
  • Update Your Subscription
  • Privacy Policy

Welcome to the housing Technology – Trusted Information For Business Professionals in HOusing

Housing Technology is the leading technology information service for the UK housing sector and local governments. We have always believed in the fundamental importance of how the UK’s social housing providers use technology to improve their tenants’ lives.

Subscribe to Housing Technology to gain market-leading research, unsurpassed peer networking opportunities and a greater understanding of your role to transform your business.

Copyright © The Intelligent Business Company 2022 | Terms and Conditions | Privacy Policy
Housing Technology is published by the The Intelligent Business Company. A company with limited liability. Registered in England No. 4958057 | Vat Registion No. 833 0069 55.

Registered Business Address: Hoppingwood Farm, Robin Hood Way, London, SW20 0AB | Telephone: +44 (0) 20 8336 2293

htc23 pop banner