{"id":608570,"date":"2023-02-16T07:49:12","date_gmt":"2023-02-16T13:49:12","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/02\/16\/what-charities-should-know-about-ransomware-and-reputational-threats\/"},"modified":"2023-02-16T07:49:12","modified_gmt":"2023-02-16T13:49:12","slug":"what-charities-should-know-about-ransomware-and-reputational-threats","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/02\/16\/what-charities-should-know-about-ransomware-and-reputational-threats\/","title":{"rendered":"What charities should know about ransomware and reputational threats"},"content":{"rendered":"<div id=\"content-header\">\n<h2>The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back<\/h2>\n<\/div>\n<div id=\"content-center\">\n<div id=\"contributors-block\">\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\tRob Shapland and Adam Monks<\/li>\n<\/ul>\n<p>\n\tPublished: <span>15 Feb 2023<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>Last March, the email and phone systems at <a href=\"https:\/\/www.bbc.co.uk\/news\/uk-scotland-60826263\">the Scottish Association for Mental Health<\/a> suddenly stopped working. It was a possible sign of a cyber attack, confirmed when the cyber criminal gang RansomEXX uploaded sensitive data belonging to donors and volunteers to the dark web, including names, home addresses, emails, and passport scans.<\/p>\n<p>Understandably, SAMH\u2019s reputation took a major hit.<\/p>\n<p>Charities are seen as \u2018soft\u2019 targets for cyber criminals. 
<a href=\"https:\/\/www.gov.uk\/government\/statistics\/cyber-security-breaches-survey-2022\/cyber-security-breaches-survey-2022\" target=\"_blank\" rel=\"noopener\">Nearly one in three of them were victims of cyber crime in 2022<\/a>, and the threat is higher among high-income charities, of which over half were attacked.<\/p>\n<section data-menu-title=\"Why charities are targeted\">\n<h3><i data-icon=\"1\"><\/i>Why charities are targeted<\/h3>\n<p>Charities are either playing catch-up by not prioritising risks, or they are simply unaware of the threats they face. Their online operations, such as engaging supporters, raising funds, and coordinating essential responses around the world, leave charities vulnerable to cyber attacks.<\/p>\n<p>Targeting a charity is appealing to an attacker \u2013 charities often have limited IT budgets and little or no in-house cyber security expertise, while being goldmines of valuable financial, personal, and commercial data.<\/p>\n<\/section>\n<section data-menu-title=\"Charities are typically easy targets\">\n<h3><i data-icon=\"1\"><\/i>Charities are typically easy targets<\/h3>\n<p>Many charities also have much wider (and less well policed) attack surfaces \u2013 increasing the possible entry and exit points for unauthorised personnel.<\/p>\n<p>Why is this the case? The third sector relies more heavily on BYOD (Bring Your Own Device), with <a href=\"https:\/\/www.ncsc.gov.uk\/files\/Cyber_threat_report-UK-charity-sector.pdf\" target=\"_blank\" rel=\"noopener\">64% of charities<\/a> reporting staff using their own devices regularly, compared to 45% of commercial businesses. As a result, their network is larger, which makes performing cyber security updates and monitoring more difficult. This leaves charities more susceptible to cyber security breaches.<\/p>\n<p>Criminals are also aware that risks are much less likely to be assessed and responded to at board and senior management level among charities. 
<a href=\"https:\/\/www.gov.uk\/government\/statistics\/cyber-security-breaches-survey-2022\/cyber-security-breaches-survey-2022\" target=\"_blank\" rel=\"noopener\">One in four charities<\/a> do not have a board member who is accountable for cyber security, nor do they update their senior management when a cyber security action is taken.<\/p>\n<p>This leaves even the biggest charities vulnerable. Last year, <a href=\"https:\/\/www.computerweekly.com\/news\/252513537\/Red-Cross-cyber-attack-the-work-of-nation-state-actors\">the Red Cross was hit by a devastating attack<\/a> that put operations and fundraising on hold and impacted its ability to disseminate blood.<\/p>\n<\/section>\n<section data-menu-title=\"A charity\u2019s reputation is only as strong as the federation\u2019s weakest link\">\n<h3><i data-icon=\"1\"><\/i>A charity\u2019s reputation is only as strong as the federation\u2019s weakest link<\/h3>\n<p>Smaller charities \u2013 often affiliates or those that receive funding from national charity organisations \u2013 are just as susceptible to attack as larger known third sector entities because they are less likely to have the resources for addressing cyber security threats.<\/p>\n<p>Many charities in the UK, including Carers Trust, Mind, and the YMCA, operate with a federated structure where a network of smaller, independent local charities is overseen by a national charity. Such smaller organisations offer an easy route in for hackers. If a bad actor ends up succeeding in breaching an affiliate\u2019s system, the reputational damage affects the whole charity federation. 
Being the victim of a cyberattack can potentially result in supporters thinking twice about donating and sharing their sensitive details.<\/p>\n<\/section>\n<section data-menu-title=\"What charities can do to mitigate cyber threats and reputational risks\">\n<h3><i data-icon=\"1\"><\/i>What charities can do to mitigate cyber threats and reputational risks<\/h3>\n<p>In January 2023, <a href=\"https:\/\/www.computerweekly.com\/news\/252529475\/NCSC-warning-over-cyber-risk-to-charity-sector\">the UK National Cyber Security Centre published new guidance<\/a> for the charity sector that named ransomware as \u201cthe most harmful cybercrime threat to the UK today.\u201d The threat of sophisticated malware and ransomware is best prevented by robust preparation and constant monitoring of an organisation\u2019s network and devices.<\/p>\n<p>At a time when charities are facing both an expansive attack surface and a weak cyber security focus from senior managers, there are three highly effective solutions:<\/p>\n<ol>\n<li>Reduce reputational risk by <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/answer\/What-are-the-pros-and-cons-of-hiring-a-virtual-CISO\">hiring a Virtual CISO<\/a> (Chief Information Security Officer), <a href=\"https:\/\/www.smartdesc.co.uk\/vciso\/\" target=\"_blank\" rel=\"noopener\">an outsourced security expert<\/a> (or team of security experts), to guide and direct cyber security priorities and protection. 
vCISOs typically work alongside existing internal IT teams on a part-time basis, acting as in-house, impartial and trusted advisors, driving the cyber strategy forward through deep collaboration.<\/li>\n<li><a href=\"https:\/\/www.computerweekly.com\/microscope\/news\/252529610\/MDR-resonating-as-an-option-with-both-channel-and-customers\">Invest in MDR<\/a> (Managed Detection and Response), a service <a href=\"https:\/\/falanxcyber.com\/managed-detection-response\/\" target=\"_blank\" rel=\"noopener\">that combines cyber security analysts and specialist tools<\/a> to monitor an entire IT estate for anomalies, hunt for and respond to cyber threats in real-time. MDR also has the capability to identify threats in an organisation\u2019s third-party network. This makes it ideal for dispersed networks, like that of a charity with a BYOD policy, as it enables visibility of any activity anywhere.<\/li>\n<li>Test your defences. For medium and large-size charities, the NCSC guidelines recommend using third-party services including penetration testing. <a href=\"https:\/\/falanxcyber.com\/penetration-testing\/\" target=\"_blank\" rel=\"noopener\">Penetration or pen tests<\/a> are simulated attacks carried out by <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/tip\/Top-key-ethical-hacker-skills\">a team of ethical hackers<\/a> who employ the same techniques that attackers use to discover vulnerabilities by testing whether systems or applications can withstand hostile attacks.<\/li>\n<\/ol>\n<\/section>\n<section data-menu-title=\"Outsourcing cyber defences is a charity\u2019s best bet\">\n<h3><i data-icon=\"1\"><\/i>Outsourcing cyber defences is a charity\u2019s best bet<\/h3>\n<p>Charities are on cyber criminals\u2019 radars; even the large, well-known charities are vulnerable. 
The impact of a large-scale attack can be devastating\u2013 particularly the downtime and damage to the brand and supporter trust.<\/p>\n<p>The investment of time and money into the right cyber security strategy and services, from specialists that understand the challenges of the sector, will always outweigh the long \u2013 and reputationally damaging \u2013 road to recovery from a successful attack.<\/p>\n<p><i>Rob Shapland is an ethical hacker and head of cyber innovation at <a href=\"https:\/\/falanxcyber.com\/\">Falanx Cyber<\/a>, a specialist MDR provider. He is a frequent commentator on security issues and a regular contributor <a href=\"https:\/\/www.techtarget.com\/contributor\/Rob-Shapland\">to TechTarget Security and Computer Weekly<\/a>. Adam Monks is chief executive of <a href=\"https:\/\/www.smartdesc.co.uk\/\">Smartdesc<\/a>, a specialist managed services provider (MSP) working with charities and non-profits.<\/i><\/p>\n<\/section>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/opinion\/What-charities-should-know-about-ransomware-and-reputational-threats\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Jeanice Paris<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The NCSC recently called for charities to elevate their cyber security practice. 
Find out why charities are a soft target for cyber criminals, and what they can do to fight back By Rob Shapland and Adam Monks Published: 15 Feb 2023 Last March, the email and phone systems at the Scottish Association for Mental Health<\/p>\n","protected":false},"author":1,"featured_media":608571,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[46593,31358,46],"tags":[],"class_list":{"0":"post-608570","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-charities","8":"category-ransomware","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/608570","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=608570"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/608570\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/608571"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=608570"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=608570"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=608570"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}