You are viewing 1 of your 1 free articles
Cyberattackers are changing, and we need to be ready
Too many housing associations around the UK have learned first-hand the damage that hacks can wreak, writes Douglas Silverstone, director of technology at Southern Housing and board member at Cambridge Housing Society
Too many housing associations around the UK have learned first-hand the damage that hacks can wreak, writes Douglas Silverstone, director of technology at Southern Housing #UKhousingHostile cyberactivity is on the rise. So much so that MPs and cybersecurity experts, including Rachel Reeves and Graeme Biggar, director general of the National Crime Agency, recently wrote to chief executives across the UK urging them to take the necessary steps to protect their business from cyberattacks.
In the past, state-sponsored cyberattacks committed by skilled hackers made up the bulk of incidents. However, now that hacking is more mainstream, the tools they use are more accessible. This means that weaponised malware such as ransomware, a software that is designed to extort money by blocking access to data until a fee is paid, are becoming the weapon of choice for many amateur hackers.
For housing associations, this evolving threat should not be taken lightly.
While skilled state-sponsored hackers are able to do considerable damage, often to government organisations, the chances of them targeting a smaller-scale organisation are slim. However, an individual armed with the knowledge of how to access and use ransomware? That could lead to a totally different and catastrophic outcome for any small organisation.
A state-sponsored hacker’s inherent risk is their skillset. They use deep and broad knowledge of an organisation and hacking to infiltrate systems and gain access in what are called T-shaped attacks. These attacks are sophisticated and are a real threat for any organisation of any size.
In comparison, amateur hackers use what we call V-shaped attacks, which utilise a single tactic of hacking and test it on multiple organisations, looking for weaknesses to exploit.
“If vulnerable people can be impacted as a result, it’s imperative that every step is taken to ensure cyberattacks are minimised”
No online system is bulletproof, and V-shaped hackers know this. They test their methods against a range of unsuspecting and unprepared organisations, and they are often successful with the ones that are least prepared.
Housing associations, which are particularly committed to the safety and well-being of their employees, customers, tenants and wider stakeholders, are most susceptible to these types of ransomware attacks and must keep up to date with cybersecurity in order to deter incidents.
If a tenant’s boiler breaks down, for example, housing associations rightly recognise the issues that can arise and make the repairs needed as a priority. However, with data and cybersecurity, this sadly isn’t the case yet. Too many housing associations around the UK have learned first-hand that without adequate cybersecurity, issues can persist for years. If vulnerable people can be impacted as a result, it’s imperative that every step is taken to ensure cyberattacks are minimised.
With these risks in mind, I have listed my recommendations below on how organisations should best protect themselves against cyberattacks:
-
First, only store what you need. The more data you keep, the more that is at risk in the event of a cyberattack. Minimise the risks by only storing the most relevant data, and responsibly disposing of superfluous data.
-
Second, you must have a contingency plan. No system in the world is impenetrable. For housing organisations storing data and acting as if there is no risk, the implications can be catastrophic. We cannot afford to make this mistake and therefore must have a plan on how to respond in the event of a cyberattack.
“By slowing a hacker down, you can buy your organisation time to protect data and force your hacker to move elsewhere”
The goal is not to defend better than a hacker, as this is likely unachievable due to today’s software, but to slow them down. By slowing a hacker down, you can buy your organisation time to protect data and force your hacker to move elsewhere.
Think of this as protecting your home: if someone wants to break in, they probably could. But if you have several fences, secure locks and CCTV to slow them down and make their task harder, they may think twice.
-
My final, and arguably simplest tip, is to train employees. We sadly cannot stop hackers from committing cyber crimes, but we can teach the most likely potential victims of the risks and signs of a cyberattack.
In the workplace, we train employees on health and safety to better understand potential risks around us. However, this is rarely done for cybersecurity. In the 21st century, that is something that has to change and if it doesn’t, this evolving threat will become increasingly serious, with even more damaging implications.
These steps may seem small, but they are significant. If housing associations allow their tenant and resident data to be at risk, can we really claim to be committed to their safety and well-being?
The harm that a cyberattack can bring can be huge and should not be ignored. Now more than ever, we must take cybersecurity seriously and adapt to a rapidly evolving threat.
Douglas Silverstone, director of technology, Southern Housing, and board member, Cambridge Housing Society
Sign up to Inside Housing’s Daily News bulletin
Sign up to Inside Housing’s Daily News bulletin, featuring the latest social housing news delivered to your inbox.
Click here to register and receive the Daily News bulletin straight to your inbox.
And subscribe to Inside Housing by clicking here.
Already have an account? Click here to manage your newsletters.
Related stories
