Charity cyber report

by Mark Rowe

During the Ukraine crisis, criminals took advantage of the generosity of the public, masquerading as charities for their own financial gain, according to a report on the charity sector by the UK official National Cyber Security Centre (NCSC).

More charities are now offering online services and fundraising online, meaning reliable, trusted digital services are more important than ever, said Lindy Cameron, Chief Executive Officer of the NCSC and herself a charity trustee, in a foreword to the document. She added: “Cyber attacks affecting services, funds or compromising sensitive data can be devastating financially and reputationally, potentially putting vulnerable people at risk.”

The document suggests that the charity sector could be particularly vulnerable: charities face the same cyber risks as the private sector and government, and they also rely on part-timers, including volunteers, who might have less capacity to absorb cyber security procedure and who might concentrate on doing the charity’s work or fund-raising rather than on cyber. Those people and staff may be using personal IT (Bring Your Own Device, BYOD), which is less easy to secure and manage than centrally issued IT, the NCSC points out.

As for who’s attacking, it could be fraudsters, who are attacking thousands of organisations using largely automated tools such as ransomware, and charities may get caught up in that. It could also be nation states (Russia, Iran and North Korea were named in the document) and hacktivists, as well as insiders (whether malicious or stemming from ‘unclear or onerous processes, lack of training or simply mistakes’) and supply chain attacks, if charities share data with others, such as marketing companies.

For the 20-page document, published with the regulator the Charity Commission for England and Wales, visit the NCSC website: https://www.ncsc.gov.uk/collection/charity/cyber-threat-report-uk-charity-sector.

Also included are case studies from the sector; statistics from the Department for Culture (DCMS) Cyber Security Breaches Survey; and directions to online resources.

Comment

Dr Darren Williams, CEO and Founder of cyber firm Blackfog, says: “Phishing and more specifically spear phishing is the tool of choice by most cyber gangs to breach an organisation to launch a ransomware attack. As we have seen from this year’s annual statistics, ransomware continues to break new records each month and ended 2022 with an all-time record number of attacks, a 29pc increase over 2021.

“We have seen specific sectors such as education and government become the most targeted. Charities fall into the same category because they are seen as low hanging fruit without the adequate resources for protection, both in terms of skilled cyber professionals as well as cybersecurity technology. Since the goal of any attack is to breach an organisation and steal valuable information, charities pose a very high risk as they are gatekeepers to many high net worth individuals’ details which can be leveraged for extortion. This is similar to the way such individuals were targeted from an attack on Daylesford in the UK last year, where high net worth individuals’ details were leaked online. Like any organisation, charities need to look carefully at how they are protecting their data and what they are doing in terms of anti data exfiltration generally.”
