At the risk of starting this blog on something of a downer, times are tough. The cost-of-living crisis is affecting just about everyone and many organisations are struggling to cope.
Interest rates continue to rise, and the cost of new developments and existing maintenance is at its highest for a generation. This means housing associations face the same economic pressures as many of us, and social landlords are increasingly having to make challenging decisions over rents.
In tough times spending must bring value
For a lot of organisations this means that spending is under more scrutiny than ever.
As a technology company, we know only too well that often, when times get tough, IT spending can be one of the first things to go – especially when it’s investing in infrastructure or future proofing. Customers often tell us that if it’s not solving a problem here and now then decision makers don’t prioritise it.
When it comes to cyber security, this can be an extremely risky strategy.
Cost-of-living crisis is an opportunity for criminals
While it may be an extremely challenging period for organisations and businesses, the cost-of-living crisis is proving very fruitful for cyber criminals.
Ruthless hackers have been quick to roll out phishing campaigns targeting those struggling financially. And budget-strapped organisations scrimping on their cyber security have become easier marks.
What are the main threats?
Ransomware has exploded in recent years – The level of sophistication in ransomware attacks is higher than ever before. The emergence of ransomware as a service (RaaS) also means that attackers can launch ransomware for as little as £50. This low cost of entry means that many hackers have actively pivoted to targeting smaller, less high-profile organisations – such as housing associations. And while the sophistication of ransomware actors does present a real challenge, good cyber hygiene will make your organisation a less attractive target and, in turn, can greatly reduce your risk.
Business email compromise (BEC) is handing hackers the key to the kingdom – Emails are so often a window into some of the most sensitive inner workings of an organisation. That’s why they are attractive to attackers. BEC can prove a relatively low resistance way for hackers to gain access to your inner sanctum and is often an entry route for more sophisticated ransomware. The diligence of your people are your most important line of defence when it comes to stopping BEC. Suitable training on best practice combined with some decent tools can greatly reduce the chances of a BEC breach.
Poor configuration allows external service compromise (ESC) to roll out the red carpet for ransomware – Poor configuration, slow patching protocols and zero day vulnerabilities all offer a window of opportunity for attackers to gain entry to your network. Often it’s this kind of exploit that allows ransomware to gain access and do the real damage. But a combination of defensive and offensive approaches can significantly reduce your exposure to this kind of breach.
Cyber as an enabler
By neglecting your cyber security strategy, you can leave your organisation more open to a successful cyber-attack which could cause significant damage, especially if sensitive tenant data is made public. But you’ll also miss out on the broader benefits that strong cyber security brings. Although often overlooked, maintaining a strong cyber security posture can in its own right improve many areas of an organisation. In short, it can act as an enabler, not just a cost centre.
By far the most effective way to mitigate against cyber threats is by adopting a robust and comprehensive security posture. This means treating cyber security as more than just a tick box exercise. A strong approach to cyber security should be baked into any modern organisation’s strategy, forming an integral part of the day-to-day operations.
This approach brings a whole range of supplementary benefits beyond simply protecting against breaches:
Earn tenants’ trust – many individuals are more and more security aware and, as a result, expect organisations they work or engage with to have appropriate cyber credentials. Simply put, by demonstrating a good cyber security strategy, you can relieve many of the concerns that your tenants may have when it comes to the secure storage of their data. When done right, it can even become a badge of honour.
Driving innovation – as organisations grow, generally, so will their workforce and the amount of technology they use on a daily basis. As this happens the risk of an attacker getting access to the environment also increases.
Poorly patched technology can leave technical routes in. And employees either lacking effective training, working under pressure, or working in a ‘blame culture’ can create an easy route in for attackers. By getting cyber security right early on, organisations can grow and innovate, safe in the knowledge they are protected from cyber threats.
Protecting employees – whether they like it or not, all employees have some responsibility for cyber security. Nobody wants to be the person that clicks a phishing link and potentially causes an organisation to suffer a breach. This can cause stress for your staff making them less effective and less happy at work. By getting cyber security right, this stress can be relieved, enabling employees to focus on the important stuff.
Your next steps
If you’d like to know more about the specific cyber security threats that are most likely to affect housing associations, you can check out our series of four bitesized webinars on exactly that topic. They’ll help you understand the risks facing your industry and some of the things you can do to mitigate them.
Watch all four episodes here.