Escalating cyber threats to charities

Nigel Thorpe, technical director at SecureAge, looks at the increase in cyber attacks on charities/NGOs and suggests it’s time for a new approach

Ransomware and cybercrime are on the rise. Charities and NGOs are no strangers to this growing trend and are often the victims of attacks targeting critical yet vulnerable infrastructure such as health, water and food. Over 50% of NGOs report being targeted by cyber attacks, as a growing number of recent incidents illustrate.

NGOs involved in humanitarian and other actions are heavily dependent on mobile and digital technologies to coordinate and fulfil their missions. They often operate in regions with limited or unreliable infrastructure that can expose them and employees to acute risk of data interception, tracking, or unauthorized access with potentially lethal consequences for volunteers, beneficiaries and other stakeholders. NGOs may also be targets of malicious and politically motivated cyber attacks, from defacing websites to hijacking and misusing their identities and credentials to misdirect resources and volunteers and spread malicious misinformation.

The latest Cyber Security Breaches Survey, published by the Department for Digital, Culture, Media & Sport, says that 57 per cent of charities with incomes of more than £500,000 a year were affected by cyber attacks or breaches in the 12 months before the survey took place.
A fifth of charities affected by cyber breaches reported these incidents occurring at least once a week, according to the report.

In July 2020, the Charity Commission said that more than 30 UK charities had been affected by the ransomware attack on Blackbaud, one of the largest providers of fundraising, financial management, and supporter management software to the UK charity sector. Charities affected included the national homelessness charity Crisis and mental health charity YoungMinds. The company apologised to customers and paid the ransom to ensure that data would not be made publicly available or shared elsewhere.

In the US in May 2021, Microsoft’s Threat Intelligence Center announced that Nobelium – a major cyber hacker group – had infiltrated the emailing platform of the US Agency for International Development (USAID), which leads the US Government’s international development and disaster assistance efforts.

The cyber criminals used this access to build an email phishing campaign to target over 150 organisations worldwide, including NGOs and civil society organisations (CSOs). These malicious emails aimed to trick recipients into believing that this was a legitimate contact from USAID. If they clicked on the email they could have handed over sensitive information or downloaded malware onto their systems.

Taking action

In response to this increase in attacks, over 50% of NGOs have already partially developed cybersecurity frameworks and have introduced awareness training for their staff. But at the same time, lack of resources means that many organisations are unable to employ dedicated staff toward comprehensive cyber protection.

And here lies the problem. Like most organisations, NGOs have traditionally approached cyber security by trying to stop the cyber criminals and hackers getting in. Yet history tells us that it is impossible to stop every cybercriminal, all of the time. So, if we can’t keep the cyber criminals out or trust the people around us, we must rethink the traditional ‘castle and moat’ methods of protection and adopt a data-centric approach, where security is built into the data itself.

Full disk encryption technology is often used to protect data when it is at rest on a hard disk or USB stick, which is great if you lose your laptop, but is of absolutely no use in protecting data against unauthorised access or theft from a running system. Data therefore needs to be protected not only at rest, but also in transit and in use, on site or in the cloud.

But this is no easy task. In a recent IBM and Ponemon report, 67% of respondents said discovering where sensitive data resides in the organisation is the number one challenge in planning and executing a data encryption strategy. Data classification technology is often used to identify ‘important’ or ‘sensitive’ data, but the report found that 31% cited classifying which data to encrypt as difficult. Then there is the question of where to set the ‘importance bar’. Even seemingly trivial information can be useful to cybercriminals, since they are adept at amalgamating small pieces of data to form a bigger picture, to build a spear phishing attack against an individual, for example.

A universal approach

So why is it that the accepted norm is to encrypt only the ‘most important’ or ‘sensitive’ data? The problem is that traditionally, encryption has been considered complex and costly and detrimental to performance and productivity. But with advances in the technology and fast processing speeds, seamless data encryption can now be used to protect all data – both structured and unstructured. This way, classification for data security purposes becomes irrelevant and stolen information remains protected and useless to cyber criminals.

This approach also works with legacy systems, which are outdated but still perform an essential job. Many legacy systems are still used by NGOs and were not designed to be exposed to public networks. But as staff, customers, supporters and suppliers need direct access to business processes, new online services have been built on top of this ageing technology. When connected to the outside world, legacy system data – such as customer details, operational data and sensitive information – becomes vulnerable. But by protecting the data itself, these risks are mitigated.

As hackers seem to have no problems or social conscience with targeting charities and NGOs with their cybercrime sprees and ransomware attacks, it’s time to take them on at their own game, by encrypting the data before they can get to it.


Copyright © 2022 Respect Investment. All Rights Reserved.