HAI Group's master cyber liability policy is expiring on December 31, 2022. What does this mean for members?
- You must report any cybersecurity-related incident to your account executive as soon as possible.
- At your earliest convenience, contact us to discuss alternate cyber liability coverage.
Why Should Affordable Housing Organizations Invest in Cybersecurity?
Multifamily affordable housing organizations are more vulnerable than you realize, especially with an increasingly remote workforce. Cybercriminals attack housing providers with alarming frequency, using discreet and difficult-to-detect methods to access private systems and confidential data that put residents, employees, and entire housing organizations at risk.
Since 2016, the U.S. has experienced about 4,000 ransomware attacks daily. Cybercriminals don’t just focus on larger companies with deep pockets—70% of ransomware attacks affect businesses with fewer than 1,000 employees.
A collection of fact sheets, checklists, and infographics covering the most urgent cybersecurity topics in the world of affordable housing.
Cybersecurity on the Blog
In-house and contributed articles covering the latest cybersecurity threats, trends, and tips for affordable housing providers.
“Everyone is a target, and I cannot stress that enough. Malicious actors are going to find ways to exploit whomever they can. When you look at housing organizations, they often don’t have the resources to protect themselves.”
— Scott Stevens, chief information security officer, Integrity Technology Solutions
No End in Sight
Over the last five years, the FBI has received an average of 440,000 cybersecurity complaints per year, and recorded $13.3 billion in total losses.
All Trick, No Treat
According to the FBI, the vast majority of cyberattacks are engineered through phishing schemes, which are aimed at tricking victims into providing sensitive information to scammers.
Phishing schemes are commonly used to infect networks with ransomware, a type of malicious software that encrypts data on a computer, making it unusable unless a ransom is paid.
The Cost of Cybercrime
The FBI received nearly 2,500 ransomware complaints in 2020, with adjusted losses of over $29 million that don’t account for the business interruption and recovery costs synonymous with ransomware.
Real-life Ransomware Scenarios
The examples below show the impacts of ransomware attacks on housing organizations and the public sector:
An attack on a housing organization
left 700 employees and some 55,000
residents temporarily without access to
the organization’s web portal. The hacker
also leaked information about dozens of employees online.
A cyberattack infected an entire county, taking the county’s systems offline, according to the FBI. The county had backup servers, but the servers were also hacked because they weren’t isolated from the county’s main network. The county paid a $132,000 ransom, the FBI noted.
A housing organization experienced two successive ransomware attacks, which the organization’s leader described as “a nightmare.” The attacks forced the organization’s employees to retype and scan documents to recoup encrypted files.
Hackers infected a city’s systems and
demanded a $76,000 ransom. While the
ransom wasn’t paid, according to the FBI,
itcost the city an estimated $9 million to remediate the attack and restore services.
A housing organization had its financial data held hostage at a time when the data was necessary for reporting. The housing authority decided not to pay the ransom. The hack still cost the housing authority “both time and stress.”
A county’s computer systems were infected after a user allegedly opened a malicious email link or attachment, according to the FBI. County officials decided to rebuild their systems rather than pay the $1.2 million ransom. The county spent $1 million on new equipment and technical assistance, the FBI said.
Free Cybersecurity Services for Public Housing
Register for MS-ISAC, a free service recommended by HAI Group’s security team—and the Department of Homeland Security. Short on time? We recommend starting with the cybersecurity alerts, the MS-ISAC toolkit, and the Malicious Domain Blocking and Reporting (MDBR) service, which can block the vast majority of ransomware infections by preventing the initial outreach to a ransomware delivery domain!