It seemed unlikely, at one point, that the housing sector would ever become a prime target for cyberattacks. Sadly, predatory cybercrime now affects every organisation, including every type and size of housing association.


The Sophos whitepaper, Housing Association Cybersecurity, undertake a deep-dive into the impact of ransomware attacks. (Photo by Nirian)

Like other industries, the problem of cybersecurity risk is compounded by limited budgets, and complex technological constraints. The pandemic also contributed to the situation, with many organisations forced to rush to establish remote working with no planning.

And like those other industries, housing associations are vulnerable to ransomware attacks – described as the biggest online threat to people in UK, according to the National Cyber Security Centre (NCSC). The most disruptive of the current threats, long-lasting effects of a ransomware attack include a loss of service, damage to reputation, the cost of remedying the situation, plus the long term issue of data loss and possible regulatory action.

The defining characteristic of modern malware is the ability to crawl through any crack in an organisation’s systems, however small. This could stem from phishing, drive-by exploits, the direct hacking of Internet-facing or even a USB stick. Once inside, limiting ransomware’s spread can be a battle as it can potentially evade detection for hours, or even weeks.

In this Sophos whitepaper, Housing Association Cybersecurity, we undertake a deep-dive into the impact of ransomware attacks. We outline what to look for in terms of any potential weaknesses within the organisation and provide best practice advice to help associations mitigate against suck attacks.

Moreover, we provide practice advice for an incident response in the worst-case scenario of a ransomware attack, highlighting good training and careful pre-planning. This is vital as even organisations with an in-house IT team will still have gaps in their coverage.

The whitepaper discovers that while some associations have struggled, others unexpectedly have flourished, using the opportunity to change the way they work to become more mobile and responsive. Time and again, small IT departments have shown flexibility and resilience, keeping their organisations functioning despite taking on a multitude of new cybersecurity and data protection risks.

As part of this, we profile three housing associations that have their own solutions in the face of such cyberattacks.

Importantly, it also reveals that the sector is undergoing a major digital transformation as technologies such as cloud applications, Internet of Things (IoT), artificial intelligence (AI) and automation start to exert their influence.

Ultimately, what counts is that housing associations fulfil their remit to give tenants access to affordable, decent housing. If technology is a growing part of achieving that ambition, cybersecurity is fundamental to making it viable. As in many other sectors, housing associations must adapt to the acceleration of cyber risks – but without panicking. Being a target is now a fact of life, but becoming a victim is not.

Download the report here.