Charities Are Vulnerable To Severe Cyber Attacks

Uploaded on 2018-03-20 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

The UK’s charities could be at risk from a series of devastating cyber-attacks, intelligence officials from the National Cyber Security Centre have warned.

With around 200,000 charities registered in the UK, each one contains vast amounts of personal data and payment information on those that support them. This in turn makes them a huge target for the next wave of cyber-crime and potentially breaking the coming GDPR law.

In one case a charity lost £13,000 after its chief executive’s email was hacked. In a new report, experts at the centre, which is part of intelligence agency GCHQ, said charities are falling victim to a range of malicious activity, although the scale is unclear because of under-reporting.

The report said: “The NCSC believe there is considerable variation in charities’ understanding, approach to and application of cyber security". Some charities are aware their data is sensitive, valuable and vulnerable to malicious cyber activity. Fraud aimed at tricking employees with financial authority into transferring money is increasing, according to the report.

It highlighted one episode in which a charity lost £13,000 after the email of its CEO was hacked and a fraudulent message sent to its financial manager with instructions to release the funds.

Datasets containing personal details and financial information are an attractive target for criminals, the study noted. It said:

“Charity datasets may contain personally identifiable information of donors, trustees, patrons, partners, paid staff and volunteers.

“Some large charities hold several million donor records. The data may also include payment details relating to donations including card details.”

While cyber criminals are assessed as posing the greatest threat to the sector, charities are also seen as potentially attractive targets for nation states who “oppose or mistrust their activity”.

Alongside the threat assessment, the NCSC has published a guide outlining steps charities should follow to guard against attacks. They include advice on passwords, backing up data and protecting systems from malware.

NCSC director for engagement Alison Whitney said: “Cyber-attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.

“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets and reputation.”

Helen Stephenson, chief executive of the Charity Commission for England and Wales, said: “Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber-crime for criminal purposes or personal gain is particularly damaging and shocking.

“The threat assessment confirms what we often see in our casework, unfortunately charities are not immune to fraud and cybercrime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.

Huffington Post:     Image: Nick Youngson 

You Migh Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

UK Fraud Hotspots Revealed:

 

« Millennials More Likely To Fall Victim To Cybercrime
On Twitter Fake News Gets More Traction Than Truth »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

Wooxo

Wooxo

Wooxo provides business security and continuity solutions to protect business data for organisation of all sizes.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

Center for Long-Term Cybersecurity (CLTC)

Center for Long-Term Cybersecurity (CLTC)

The Center for Long-Term Cybersecurity is developing and shaping cybersecurity research and practice based on a long-term vision of the internet and its future.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

Crypto Quantique

Crypto Quantique

Crypto Quantique's ground-breaking technology radically simplifies the process of generating a hardware root of trust in an IoT device.

BicDroid

BicDroid

BicDroid is a world leader in data and cyber security with innovative solutions that protect your data anywhere, anytime, against everything.

SecZetta

SecZetta

SecZetta provides third-party identity risk solutions that are easy to use, and purpose built to help organizations execute risk-based identity access and lifecycle strategies.

11:11 Systems

11:11 Systems

11:11 Systems synchronizes every aspect of network services for your business. Build your network with the industry’s most trusted expert skills.

Resolvo Systems

Resolvo Systems

Resolvo is provides comprehensive security assessment and testing services in Asia.

Mode Solutions

Mode Solutions

Mode guarantee IT performance where you need it most, creating seamless and secure solutions that will alleviate pressure from your business.

Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

StealthPath

StealthPath

StealthPath is focused on endpoint protection, securing the “implicit trust” vulnerabilities of current leading information security solutions.

Brennan IT

Brennan IT

For over 25 years, Brennan’s expert team has helped businesses achieve real success through innovative and secure technology solutions.

Nortal

Nortal

Nortal is a strategic digital transformation partner for leading companies and governments around the world.