• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Housing Technology logo

Housing Technology

Housing | IT | Telecoms | Business | Ecology

  • Free Subscription
  • Search Archive
  • Home
  • Research
  • Magazine
  • Events
  • Recruitment
  • On Demand
  • Contact
Home / Free Subscriber Access / Are you ready for a breach?

Are you ready for a breach?

The increased threat of ransomware in housing

Cybercriminals no longer simply target multinational companies, the NHS or governments with ransomware; they increasingly have smaller organisations, such as housing providers, in their sights.

Before the pandemic, digital transformation was already underway, with housing providers adopting smart home solutions, introducing tenant portals and generally taking a ‘digital first’ approach. However, the pandemic accelerated technological change to a lightning-fast pace across the sector. Housing staff also had to switch practically overnight to remote working, with IT teams working overtime.

This rapid change, while necessary, needed to be matched by an increased focus on robust cybersecurity. However, in some cases, cybercriminals took this change as an opportunity to exploit IT vulnerabilities by deploying ransomware to encrypt files and exfiltrate sensitive data.

Safeguarding issues come to the fore here; some tenants are vulnerable, and housing providers’ records include those of individuals who have suffered domestic violence, modern slavery and child abuse. The consequence of such data falling into the wrong hands is very damaging.

Over the years, housing providers’ IT estates have suffered from chronic underinvestment, with a handful of staff (often IT generalists) being responsible for everything, including the increasingly complex world of cybersecurity. The inheritance of legacy IT from mergers and acquisitions and the security risks presented by managing third-party suppliers have added to their burden.

By contrast, the organisations carrying out the ransomware attacks have become increasingly sophisticated, with well-organised company-style structures. Contrary to what you might think, many organisations resort to paying up because service interruption doesn’t seem a viable option.

Yet it is possible to mount an effective defence against ransomware, even with a stretched IT team. A top-down approach is needed, with cybersecurity no longer being the IT team’s sole responsibility. Cyber governance needs to be introduced at a board level because the massive cost of remediating a breach, combined with the loss of sensitive data, can have long-lasting repercussions for any organisation.

Preparation is critical – housing providers need to plan on the basis that a ransomware attack is inevitable. Some of this activity comes with little cost attached, such as patching, regular staff cybersecurity awareness training, and creating incident management and business continuity plans. The National Cybersecurity Centre (NCSC) has a trove of useful documents on its website outlining the measures that it recommends organisations take to secure their data. Also, the NCSC’s invaluable ‘exercise in a box’ simulation can help to identify security gaps.

Even with all these bases covered and, crucially, the right security software in place, a ransomware attack can still happen.

David Armstrong, chief financial officer, Flagship Group, said, “This isn’t a case of if you’re going to be attacked, it’s a case of when. The reality is that your organisation is constantly under attack, your security systems are repelling thousands of attacks every single day. Some will get through; it’s only a matter of time.”

When it does happen, small IT teams can feel overwhelmed quickly and panic spreads throughout an organisation, especially if the attack occurs outside normal working hours. Even making backups is no guarantee of safety against the loss of files because cybercriminals can now easily identify online backups.

Endpoint detection and response (EDR) tools are often bought to monitor the network for suspicious behaviours and mitigate against them. However, it takes real expertise and time to use them properly. In these circumstances, buying in a managed threat response (MTR) service is a solution. At Sophos, a human-led threat hunting team works in parallel with AI technology to hunt, detect and respond to suspicious activity 24/7, maintaining an ongoing dialogue with IT staff. More than just a notification service, they can take targeted actions on your behalf, with the level of involvement from your IT team being entirely within your control. Because these teams are so familiar with malicious behaviour, once detected the issue is often resolved within the hour.

It’s clear that the increasing frequency, complexity and cost of ransomware attacks should make planning for these events one of the top priorities for housing providers. Having cybersecurity experts in your corner at all times ultimately gives you peace of mind from knowing that you’re doing all you can to keep your core services running for your tenants.

Jonathan Lee is the director of the public sector for Sophos.

See More On:

  • Vendor: Sophos
  • Topic: Infrastructure
  • Publication Date: 081 - May 2021
  • Type: Contributed Articles

Primary Sidebar

Most Recent Articles

  • IT operating models in housing
  • Housing Technology’s Data Management 2024 report
  • Seamless, slick & fast self-service
  • Link Group – How to do digital-aided design
  • Regulatory compliance vs. complexity, poor data & resources
  • Wirral Council opts for Simpson Associates’ analytics & Microsoft Fabric
  • Full-fibre for data, regulations and housing quality
  • Aspire Housing’s faster grants with Charis Shop
  • Switchee nets three new wins
  • Manifest’s speedy Universal Adapter integration for Clanmil Housing & CTS
  • Picking up the pieces – The changing role of housing providers
  • IntoZetta’s annual ‘data in housing’ survey results… part three
  • Mobysoft’s AI-powered repairs for BDHT
  • Step-by-step audit preparations
  • Cadcorp’s cloud mapping at Torus
  • Totalmobile & WorkPal team up for field-service ‘powerhouse’
  • Review of Data Matters 2023
  • Data quality and self-service portals
  • Platform Housing’s move to Azure with Simpson Associates
  • Havebury Housing on the map with Cadcorp
  • A mobile-first approach to resident fire safety
  • Plentific takes on new customers & 157,000 properties…
  • Combating mould – Linking ‘feet on the ground’ with IT
  • Are you there? Regulatory scrutiny & tenant data
  • Derby’s AI-powered phone handlers with ICS.AI
  • NEC Housing & Switchee’s damp & mould partnership
  • Aberdeenshire Council cuts arrears with Mobysoft
  • FourNet launches shared AI service for housing
  • Housing Technology 2024… Bigger than ever
  • Self-service apps and portals – What’s right for you?

Footer

Housing Technology
  • Instagram
  • LinkedIn
  • Twitter
  • YouTube
  • Contact
  • Free Subscription
  • Book an event
  • Blog
  • Search All Articles
  • Research
  • Update Your Subscription
  • Privacy Policy

Welcome to the housing Technology – Trusted Information For Business Professionals in HOusing

Housing Technology is the leading technology information service for the UK housing sector and local governments. We have always believed in the fundamental importance of how the UK’s social housing providers use technology to improve their tenants’ lives.

Subscribe to Housing Technology to gain market-leading research, unsurpassed peer networking opportunities and a greater understanding of your role to transform your business.

Copyright © The Intelligent Business Company 2023 | Terms and Conditions | Privacy Policy
Housing Technology is published by the The Intelligent Business Company. A company with limited liability. Registered in England No. 4958057 | Vat Registion No. 833 0069 55.

Registered Business Address: Hoppingwood Farm, Robin Hood Way, London, SW20 0AB | Telephone: +44 (0) 20 8336 2293