Unexpected Cyber Threats Put Housing Associations and Tenants at Risk

Housing associations across the UK increasingly find themselves in the crosshairs of highly skilled cybercriminals. According to RSM UK, a whopping quarter of housing associations have suffered an attack in the last 12 months. This tidal wave of high-profile attacks has exposed – how vulnerable these organisations can be to data breaches, ransomware, and system disruptions. With many housing providers handling sensitive data on tens of thousands of UK tenants, the stakes could not be higher.

Not just compromised data

Clarion Housing Association – the country’s largest with over 125,000 homes – was struck by a major cyber-attack that crippled both its IT systems and phone lines. While the full extent of the breach remains unknown, Clarion warned tenants that their data may have been compromised. The incident follows similar attacks in recent years on housing providers like Bromford and Connexus (the latter needs to be clarified about the amount of tenant data stolen) and local councils that manage public housing.

The effects of these cyber incidents are severe and widespread. For tenants, they put their private information – such as financial records and contact details – at risk of being exposed or held for ransom by criminals. Housing services can halt, making reporting maintenance issues or making rent payments impossible. At best, this poses a significant inconvenience for tenants, landlords and organisations alike. Or, at worst, a threat to housing security for some of the UK’s most vulnerable people in society, such as the elderly, disabled and low-income population.

Not hours… but days or even weeks for recovery

Successful breaches lead to costly downtimes, lengthy reparation procedures, potential ransom payments, penalties from bodies such as the ICO for failure to protect citizens’ data, and highly long-lasting reputational damage. For example, the Bromford attack took days to recover, while a council in South West England is still working to fully restore its systems two years later, having shelled out hundreds of thousands of pounds. Many entities cannot afford these major financial blows and operational disruptions, especially during the current cost of living crisis.

So, why are housing associations such an attractive target for cybercriminals? And what can be done to better shield the sector against escalating threats?

The vulnerabilities of businesses holding sensitive data

A key factor making housing associations a lucrative target is their heavy digital footprint and the sheer volume of sensitive data they hold online. As organisations embrace the digital world to provide modern online services and store data effortlessly, they exponentially increase the potential attack vectors that cybercriminals can exploit. More smart home and office technology, online customer portals, and web-connected devices mean more endpoints to be secured. Moreover, criminals also perceive housing associations as having weaker cyber defences than other sectors. Budgetary constraints often prevent robust investments in cyber security measures and IT teams. The survey from RSM UK found a shocking 75% of housing associations felt underprepared to deal with ransomware attacks.

The data itself is also precious on the dark web. Housing records contain a treasure trove of personal information on tenants, including contact details, financial data, and home addresses, that can be used for follow-on phishing, fraud, and even physical home break-ins. Analysts estimate cybercrime costs the British economy £27 billion annually, providing ample incentive for criminals to target housing associations.

Deliver the reassurance that tenants crave

While facing this escalating risk, housing associations must take proactive steps to prioritise cyber security and safeguard their systems, data, operations and customers. This goes beyond achieving minimum compliance standards to adopt a comprehensive, vigilant security stance.

Crucial capabilities include steadfast threat monitoring and vulnerability scanning to identify and patch security gaps before cybercriminals can exploit them. 24/7 security operations centre (SOC) services can provide cost-effective, round-the-clock monitoring that most housing associations lack in-house and the reassurance tenants crave. Penetration testing is also vital, potentially using certified ethical hackers to probe for vulnerabilities from an attacker’s perspective. Combining this offensive approach with defensive meticulous cyber hygiene like software updates, multi-factor authentication, and data encryption makes it infinitely more complex for real-world criminals to carry out a breach successfully.

Regular security awareness training must also be provided to educate employees on evolving threat vectors like phishing, which remains the most common initial attack vector: human error and a lack of cyber awareness among staff open doors for cybercriminals to explore.

Another major weakness is third-party vendors and supply chains, which criminals often use as indirect attack routes to targets. Housing associations must implement strict vetting processes and security requirements for all suppliers and partners.

Predefined and practised working protocols

Housing associations must have comprehensive incident response and disaster recovery plans ahead of time. When attacks inevitably occur, having predefined protocols regarding containment, recovery, and communication is critical to minimising damages and restoring operations as quickly as possible. Too many housing associations have learned the hard way through devastating cyberattacks in recent years. However, by treating cybersecurity as an essential business imperative rather than an afterthought, these organisations can avoid escalating threats and better secure their systems, data, staff, and tenants. With dwindling budgets available during the current cost crunch, providers need partners that deeply understand their challenges and can strategically align services to their priorities.

No organisation is immune to cyber threats in today’s hyper-connected world. But, through concrete investments and strategic partnerships, housing associations can dramatically improve their cyber resilience and focus on their core missions of providing safe, reliable homes and services to all who need them.

At Thrive, we specialise in delivering tailored cybersecurity solutions designed for housing associations’ unique challenges.

The need for action is clear.

Don’t allow your housing association to become another cybercrime statistic. Contact Thrive today so we can work alongside you to comprehensively safeguard your systems, data, team, and tenant community with cutting-edge cybersecurity services. Using our CIS-aligned frameworks we allow you to provide your services with inbuilt peace of mind.