The increased threat of ransomware in housing
Cybercriminals no longer simply target multinational companies, the NHS or governments with ransomware; they increasingly have smaller organisations, such as housing providers, in their sights.
Before the pandemic, digital transformation was already underway, with housing providers adopting smart home solutions, introducing tenant portals and generally taking a ‘digital first’ approach. However, the pandemic accelerated technological change to a lightning-fast pace across the sector. Housing staff also had to switch practically overnight to remote working, with IT teams working overtime.
This rapid change, while necessary, needed to be matched by an increased focus on robust cybersecurity. However, in some cases, cybercriminals took this change as an opportunity to exploit IT vulnerabilities by deploying ransomware to encrypt files and exfiltrate sensitive data.
Safeguarding issues come to the fore here; some tenants are vulnerable, and housing providers’ records include those of individuals who have suffered domestic violence, modern slavery and child abuse. The consequence of such data falling into the wrong hands is very damaging.
Over the years, housing providers’ IT estates have suffered from chronic underinvestment, with a handful of staff (often IT generalists) being responsible for everything, including the increasingly complex world of cybersecurity. The inheritance of legacy IT from mergers and acquisitions and the security risks presented by managing third-party suppliers have added to their burden.
By contrast, the organisations carrying out the ransomware attacks have become increasingly sophisticated, with well-organised company-style structures. Contrary to what you might think, many organisations resort to paying up because service interruption doesn’t seem a viable option.
Yet it is possible to mount an effective defence against ransomware, even with a stretched IT team. A top-down approach is needed, with cybersecurity no longer being the IT team’s sole responsibility. Cyber governance needs to be introduced at a board level because the massive cost of remediating a breach, combined with the loss of sensitive data, can have long-lasting repercussions for any organisation.
Preparation is critical – housing providers need to plan on the basis that a ransomware attack is inevitable. Some of this activity comes with little cost attached, such as patching, regular staff cybersecurity awareness training, and creating incident management and business continuity plans. The National Cybersecurity Centre (NCSC) has a trove of useful documents on its website outlining the measures that it recommends organisations take to secure their data. Also, the NCSC’s invaluable ‘exercise in a box’ simulation can help to identify security gaps.
Even with all these bases covered and, crucially, the right security software in place, a ransomware attack can still happen.
David Armstrong, chief financial officer, Flagship Group, said, “This isn’t a case of if you’re going to be attacked, it’s a case of when. The reality is that your organisation is constantly under attack, your security systems are repelling thousands of attacks every single day. Some will get through; it’s only a matter of time.”
When it does happen, small IT teams can feel overwhelmed quickly and panic spreads throughout an organisation, especially if the attack occurs outside normal working hours. Even making backups is no guarantee of safety against the loss of files because cybercriminals can now easily identify online backups.
Endpoint detection and response (EDR) tools are often bought to monitor the network for suspicious behaviours and mitigate against them. However, it takes real expertise and time to use them properly. In these circumstances, buying in a managed threat response (MTR) service is a solution. At Sophos, a human-led threat hunting team works in parallel with AI technology to hunt, detect and respond to suspicious activity 24/7, maintaining an ongoing dialogue with IT staff. More than just a notification service, they can take targeted actions on your behalf, with the level of involvement from your IT team being entirely within your control. Because these teams are so familiar with malicious behaviour, once detected the issue is often resolved within the hour.
It’s clear that the increasing frequency, complexity and cost of ransomware attacks should make planning for these events one of the top priorities for housing providers. Having cybersecurity experts in your corner at all times ultimately gives you peace of mind from knowing that you’re doing all you can to keep your core services running for your tenants.
Jonathan Lee is the director of the public sector for Sophos.