Clarion Housing Group, one of the largest housing associations in the UK, are still suffering from a suspected malware attack that happened more than a month ago. Critical IT systems used for services such as repairs, reporting and resident enquiries remain offline, causing disruption to 350,000 residents across 125,000 UK homes. Though the chaos doesn’t end there. The Clarion Housing cyber attack also breached the personal data of its residents, which Clarion are still unsure of the extent to which data stored outside of their CRM has been impacted.
The disruption has led to the SHAC (Social Housing Action Campaign) stepping in, calling for government ministers to intervene.
Suzanne Muna, SHAC secretary, said: “We are asking for government to urgently intervene in the governance of Clarion after it shut down most of its services on June 17 2022 following a cyber attack. Services have not yet been restored and the organisation has yet to provide a date for doing so.”
The SHAC has also sent an open letter to government ministers saying:
“Clarion had not sufficiently prepared for a major systems outage of this nature. The responsibility for this failure lies ultimately with the board.
Our members ask that the Minister of State use his powers of office to remove and replace the Clarion board with competent governors in the immediate future and engage with tenants and residents over the long-term future of the organisation.”
Personal data is a common target for cybercriminals in most cyber attacks and the impact of suffering a breach often does not end with the organisation itself. Despite Clarion claiming that no personal data was accessed from their CRM, residents are reporting having experienced a significant increase in targeted phishing attacks. A poll run by the SHAC concluded that 84% of residents suffered an increase in phishing activity. One resident reported having received 31 phishing attacks in three weeks.
In scenarios where personal data has been accessed such as the Clarion Housing cyber attack, cybercriminals usually tailor phishing emails to make them more believable and relevant to the event. Phishing emails born from the attack are likely to impersonate Clarion to its residents and may include harmful links and attachments to further spread malware, or will ask sensitive questions around bank details and other personal information.
Clarion Housing have informed residents that:
- They will never ask residents to change bank details.
- They will never ask residents to pay money into another account and if you are in any doubt, to contact them through Live Chat.
- They will not ask residents to transfer money to a ‘safe account’.
- They do not ask residents by text message to make a payment.
They close their guidance with: “If you are unsure and something doesn’t feel right, stop”.
Security Measures to Prevent and Respond to Cyber Security Incidents like the Clarion Housing Cyber Attack
It’s obvious from claims made by the Social Housing Action Campaign that Clarion Housing didn’t have sufficient security measures in place to prevent or respond to a cyber attack.
What stands out in this case is a lack of awareness to cyber security threats from the board level through the organisation. Although it’s still unclear how this attack unfolded, over 90% of modern-day cyber attacks are targeted towards employees, meaning it’s likely that a member of staff was involved in unknowingly enabling the attack. A high level of security awareness throughout the entire organisation would significantly lower the risk of suffering a breach and would aid a faster response time. This can be achieved through cyber security training and phishing testing for employees.
Another standout issue with the Clarion Housing Cyber Attack is the slow response time and lack of understanding of the severity and impact of the breach. It’s clear that security measures such as threat monitoring and data loss prevention have not been in place to prevent but also manage a breach. Visibility of network activity and threats is an essential part of a strong security posture.
Modern cyber security solutions such as Extended Detection and Response (XDR) cover all bases when it comes to preventing and responding to a cyber security incident. An XDR solution gives an IT team visibility of network activity and flags suspicious actions such as potential malware entering the network through 24/7 threat monitoring.
In the rare case that a breach occurs (often through actions taken by an employee), an incident response plan is needed to limit the downtime of systems and disruption to customers. Emergency support is available to those who need it, though it’s better to have something in place prior to an attack to ensure the most efficient response possible.
If your organisation is looking for cyber security advice or has a requirement for Security Awareness Training and Testing or XDR, please get in touch.