This year’s Housing Association Partnership Network (HAPN) event brought together the great and the good from the housing sector for two days of learning and relationship building, as the sector looks to drive further innovation and growth in 2025 and beyond.

As a strategic IT partner to a significant number of housing associations and organisations – including the likes of Citizen Housing, Southway Housing Trust, Merlin Housing Society, Two Rivers and Transform Housing and Support – we were proud to be at HAPN sharing insights with the wider sector.

Our senior solutions architect Justin Taylor delivered one of the keynote talks at HAPN, outlining how cybercriminals are breaking into the housing sector, and how to prevent them through organisational preparedness and comprehensive vulnerability scanning.

In today’s blog we round-up the five key takeaways from Justin’s talk, helping you to understand and react to the threat.

1. Threats are growing: Email compromise and ransomware are rising year on year

The stats don’t lie. The volume and overall cost of email compromise and ransomware attacks continue to grow, year on year.

Between 2022 and 2023, financial losses due to email compromise grew by 7% from $2.7bn to $2.9bn.

As for ransomware incidents – the number of successful ransomware attacks grew by 18% in 2023 to 2825. That’s up from 2385 in the previous year.

Overall losses due to cybercrime reached $42bn in 2023.

While the 2024 numbers are not yet available, we’re confident there will be another rise in the most recent set of figures when they’re released.

2. Defending is hard: Multiple attack vectors and a shifting landscape

The landscape of cybersecurity threats to housing associations continues to develop at pace. Threat actors are varied and numerous. Here are some of the key threat actors to be aware of:

2.1 Nation-state actors

These are typically countries outside of the UK, the EU and the USA. Nation-state actors pose a significant cybersecurity threat to UK organisations, including those in the housing sector. Whether due to geopolitical motivations, data theft or espionage, nation-state actors have the resources and the skills to cause significant disruption.

Housing organisations are part of a broader critical national infrastructure. Disrupting these services can have wide-reaching impacts on society, making them attractive targets for nation-state actors looking to cause disruption. Housing organisations also hold valuable data, including personal information of residents, financial records, and operational details. Nation-state actors may target this data for espionage or to use it in further attacks.

2.2 Organised crime groups

Organised crime groups (OCGs) are primarily motivated by profit. They target housing organisations to steal sensitive data, such as personal and financial information, which can be sold on the dark web or used for identity theft and fraud.

These groups often use ransomware to encrypt critical data and demand a ransom for its release. Housing organisations, which rely on continuous access to their data for operations, may feel pressured to pay the ransom to restore services quickly.

Housing organisations may have less robust cybersecurity measures compared to other sectors with greater resources, making them attractive targets. OCGs exploit these vulnerabilities to gain access to systems and data.

By targeting housing organisations, OCGs can cause significant disruption to essential services, affecting a large number of people and creating a sense of chaos for those trying to resolve the issue.

2.3 Insider threats

Insider threats refer to the risk posed by individuals who have legitimate access to the systems and data within your organisation.

There are traditionally three main types of insider threat:

• Malicious insiders: Deliberately expose systems or leak data to harm the organisation
• Negligent insiders: Cause harm unintentionally (like an IT team member failing to patch a system or mishandling sensitive information)
• Accidental insiders: An end user accidentally clicks a phishing link or gives up their credentials

2.4 Initial access brokers

An initial access broker is a cybercriminal who specialises in gaining unauthorised access to computer networks and systems and then selling this access to other malicious actors, such as ransomware groups.

Initial access brokers exploit vulnerabilities in remote access services like Remote Desktop Protocol (RDP) and Virtual Private Networks (VPNs), brute-force login credentials, and leverage malware that steals account information.

This “access-as-a-service” model is one of the drivers in the rise of ransomware attacks and other cyber threats referenced earlier in this blog.

3. Visibility is critical: Understand your environment and investigate alerts

So, sections 1 and 2 have made for some frightening reading. But what can you do to get proactive and protect yourself?

When it comes to securing your environment, visibility is everything. After all, you can’t manage what you can’t see.

By having a clear view of your network, you’re better able to identify and address vulnerabilities and blind spots. This proactive approach minimises the risk of exploitation by cybercriminals, and can help you respond more quickly in the event of an attack.

Many regulatory frameworks, like Cyber Essentials Plus, require organisations to maintain detailed logs and reports of their security position. Visibility tools help in meeting these compliance requirements by providing the necessary data and insights.

Shadow IT (systems that have been launched within the organisation, but that are not being actively managed by the IT team) can be a barrier to network visibility. Particularly in the housing sector where remote sites and large numbers of internet-facing devices can create a larger attack surface.

A quality scanning tool can plug the gaps by discovering absolutely everything that is on your network, before prioritising the patching and remediation required.

LIMA provides free cyber readiness assessments that can help you to more clearly understand your current security posture and how to improve it. Contact one of our experts on 0345 345 1110 to discuss your free cyber-readiness assessment, or drop us an email: enquiries@lima.co.uk

4. Plan your response: If you don’t have an incident plan you’re leaving yourself at risk

As the old saying goes – fail to prepare, prepare to fail.

By creating an incident response plan you’ll arm your organisation with a step-by-step playbook of how to respond in the event of a cyber incident.

Plan for different attack scenarios. Your response to a phishing attack would naturally be different to a ransomware attack, which could cause a full business outage.

Create a responsibility matrix so it’s clear who owns what.

Create a communications plan. Who do you need to contact? How will you contact them if your core systems go down? How will you contact tenants? Who’s your cyber insurer and what do they cover?

A solid incident response plan can lead to a faster response and critically a faster resolution. The longer an incident drags out, the more exposed you are to the risks of downtime and financial loss.

Having executive agreement of your incident plan enables you to act quickly in the event of an ongoing incident, which could reduce the overall impact. You don’t want to be chasing your CEO for sign off on a plan of action when an incident has occurred.

Once you’ve got a plan, make sure you’ve tested it. An untested plan may not survive a live incident, so make sure to run through it!

5. Not “just an IT problem”: Leadership buy-in is worth its weight in gold

Cybersecurity is not just an IT problem. It comes down to people, processes and culture.

If leadership make cybersecurity a priority, it will become a priority across the organisation very quickly.

From the IT side, if senior management are bought in, you’ll have more tools and processes in place to prevent a cyber-attack and becomes less economically viable and less appealing for attackers to target you.

What’s more, if you have exec buy-in it’s easier to develop a full, organisation-wide response plan, so that your customer-facing teams know what to do when their systems are down, enabling business continuity even in the event of an attack.

At LIMA, we tend to speak to two types of organisation. There are those who have already suffered a cyber-attack. These organisations always have buy-in from leadership, because they understand the reputational damage, the lost revenue and the wasted time spent getting systems back up and running.

IT teams in organisations that haven’t yet been attacked often find it harder to get buy in and investment from leadership. The mentality of “It’s not going to happen to us” can prevail in these organisations. This is a risky approach, with attacks continuing to rise.

In cybersecurity, as in dental care, prevention is always better (and cheaper) than cure!

LIMA’s own Vulnerability Detection and Remediation (VDR) solution continuously scans your environment for vulnerabilities and resolves them before they can be exploited, keeping you ahead of the game in the fight against cybercrime.

Want to remove the cyber-strain from your IT team? Contact one of our experts on 0345 345 1110 to discuss your free cyber-readiness assessment, or drop us an email: enquiries@lima.co.uk

At LIMA, we place a huge importance on customer experience. It’s an area we invest heavily in to ensure our customers are happy and want to stay with us.

So, we’re incredibly proud to be recognised by our partners at Cisco with the prestigious Cisco Customer Experience Specialisation. The award underlines our commitment to delivering exceptional customer service and solutions that drive great outcomes for customers.

Achieving the specialisation is no small feat. It requires a deep understanding of Cisco products and services, as well as a proven track record of customer success. We demonstrated our credentials through a series of rigorous assessments and customer references, showcasing our ability to deliver for customers.  

The specialisation means Cisco recognises LIMA’s advanced ability in deploying and supporting Cisco solutions throughout their lifecycle. It all comes down to enhancing customer satisfaction and ensuring they achieve successful business outcomes.

What does this mean for LIMA’s customers?

With this specialisation, LIMA can offer even more value to its customers.

Benefits include:

• Enhanced Service Quality: LIMA’s Customer Success Managers (CSMs) have each undertaken specific Customer Experience training and exams to prove they have the understanding and skill to help customers achieve their goals, removing barriers and ensuring streamlined delivery.
• Increased Efficiency: With highly skilled and trained individuals supporting each stage of the lifecycle of Cisco products, LIMA reduces time-to-value, allowing clients to achieve business goals faster.
• Innovative Solutions: LIMA is now even better equipped to provide cutting-edge solutions tailored to the unique needs of each client, driving innovation and growth.

The specialisation takes us closer to achieving our aim of becoming a Cisco Gold Provider – one of just a handful in the UK.

LIMA CEO Danny Masters commented: 

“We’ve worked closely with Cisco for a number of years, using technology to deliver fantastic outcomes for our customers. As we continue to grow and develop as an organisation, it’s fantastic that Cisco have recognised LIMA with this outstanding specialisation. Thanks to the hard work of our customer-facing teams, and the most recent upskilling of our entire CSM team, we’re able to offer an even more comprehensive level of service and support to every LIMA customer.”  

Cisco Premier Partner

Cisco and LIMA are longstanding partners, and earlier in 2024 we picked up not one but three ‘Powered by Cisco’ Managed Service accreditations – which instantly upgraded LIMA’s Cisco Provider Partner status from Select to Premier.

LIMA is an end-to-end IT services provider, with 25 years’ experience of helping customers to modernise, secure and manage their technology. We offer managed services, infrastructure, cloud, security, BAAS and DRAAS, all supported by a highly qualified and accredited team.

To discuss how we can turn your MSP experience from frustrating to elevating, get in touch today on 03453451110 or email enquiries@lima.co.uk. 

LIMA’s dedication to delivering outstanding service, product and support has been recognised yet again, with not one but three ‘Powered by Cisco’ Managed Service accreditations – which has instantly upgraded LIMA’s Cisco Provider Partner status from Select to Premier.

It’s a flying start to the New Year and a testament to all the hard work our teams have put into driving our service offering to new heights over the last 12 months.  A demanding in-depth audit by Cisco closely examined our technical competency, customer experience, service reporting and operational procedures…and LIMA came out brilliantly across the board.  

Remarkably – and almost unheard of in our sector – these three new accreditations were awarded with absolutely no improvement recommendations, non-conformances, or issues as conditions. Straight ‘A’s on all counts! 

Martin Ingham, Chief Technical Officer at LIMA said: 

“This rubber stamps what we have been hearing from our customers over the last 12 months – we are a credible and skilled services business which delivers for our customers.” 

Cisco Meraki – a flexible cloud platform for evolving business demands 

CISCO Meraki is a cloud network platform which adapts to the customer’s evolving IT needs – enabling them to work flexibly and respond rapidly and with agility to changes and growth in their business environment. Our new accreditations as a Cisco Meraki provider cover three key areas: 

• Cisco Powered Meraki SD-WAN – delivering automated, hybrid WAN services with a cloud-based, multitenant solution. 

• Cisco Powered Meraki Security – providing customers with powerful security using Meraki cloud. 

• Cisco Powered Meraki Access – delivering a managed LAN and/or WLAN service to connect users and devices 

Enabling customers to work smarter and achieve more 

There are some keywords there which define both the way we work at LIMA ourselves, and the way we enable customers to work: flexibility, agility and responsive.  They don’t just apply to our technologies but also to the way we approach customer service, as reflected in the fact our team were able to evidence such outstanding performance levels during the Cisco audit. Those are qualities that make such a difference with LIMA. 

We’re committed to a programme of constant improvement, and we’re excited about what our new status means in terms of providing extra support and services to our customers. But we’re not resting on our laurels. Far from it – we’re aiming to achieve Cisco Gold Provider Status this year: the very highest level, much sought after and rarely achieved in our sector.  

In the meantime, our new Premier status will see us rolling out some invaluable new services and support in SD-WAN, security and network access. Watch this space for details over the coming months – and if you’d like to discuss how our Cisco Meraki from LIMA can help you and your business please get in touch today at 03453451110 or email enquiries@lima.co.uk.