In July 2024, the Locata housing software breach affecting Manchester, Salford, and Bolton councils highlighted the ongoing vulnerability of public services to cyber-attacks. The attack exposed personal data and led to a widespread phishing scam targeting thousands of residents. It is another situation that demonstrates that no business is immune, and how urgent it is for businesses and public sector organisations to fortify their cybersecurity defences.
The attack was triggered by a vulnerability at Locata, Manchester Move's third-party housing software provider. Cybercriminals exploited weaknesses in the public-facing websites, sending phishing emails that lured users into providing sensitive personal information. This is a common tactic, as documented in the National Cyber Security Centre (NCSC) guidance, where phishing has remained the top method for cyberattacks.
Attackers often rely on compromised third-party vendors as an entry point, making vendor risk management crucial in protecting organisations from breaches.
Locata's response, working with third-party IT experts and suspending affected websites, was swift, but it highlighted a recurring challenge for many organisations: reliance on external providers who may not have robust security protocols in place.
The immediate impact of this attack was significant: thousands of residents received phishing emails, potentially compromising their personal data. However, the broader lesson for organisations across the UK is that cyber threats are evolving, and no sector or business is immune.
Organisations like Locata, which manage sensitive and personal data, are prime targets for hackers. With attacks often impacting public services like housing and healthcare, the need for stronger cybersecurity measures becomes evident. Key challenges include:
The Manchester Move incident serves as a reminder that proactive steps are necessary to safeguard organisations. Check out the webinar above, which shows how phishing attacks happen and how easy many organisations make it for hackers to impersonate their domains. To counter this, here’s how you can stay ahead of hackers and avoid becoming the next victim of a similar attack:
1. Invest in a Security Operations Centre (SOC): A SOC provides round-the-clock monitoring, detecting and responding to potential threats before they escalate. Continuous monitoring and threat intelligence can catch breaches early, limiting damage. A slightly easier alternative would be to investigate and invest in Threat and Vulnerability Management.
2. Vendor Risk Management: Organisations must ensure their third-party suppliers have robust security measures in place. Regular audits and assessments, especially in high-risk industries like public services and healthcare, are crucial.
3. Employee Awareness and Training: Phishing remains a top concern for UK organisations, as seen in the 2024 Cyber Security Breaches Survey. Training employees to recognise suspicious emails and encouraging them to report potential phishing attempts can reduce vulnerabilities.
4. Regular Backups and Disaster Recovery Plans: Regularly updating and testing backups ensures business continuity, even in the event of a ransomware attack. Organisations should have clear disaster recovery plans that outline how to restore data and services quickly.
5. Proactive IT Strategy: Rather than being reactive, UK businesses must adopt a proactive IT and cybersecurity strategy. Regular security assessments, patching, and implementing multi-factor authentication (MFA) should become routine to keep security measures ahead of threats.
The Locata breach reminds us that no organisation is immune to cyberattacks. By investing in comprehensive cybersecurity strategies—including 24/7 monitoring, employee education, and vendor management—UK businesses can significantly reduce their exposure to risk. Cybersecurity is not an option; it’s essential for protecting customer data, maintaining trust, and safeguarding against financial and reputational damage.
With Cybersecurity Awareness Month (October 2024) now halfway through, it's time for organisations to review their security measures, stay ahead of threats, and ensure their business continuity plans are ready for any scenario.