Cyberattacks Focus On Big UK Charities

Uploaded on 2018-05-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Seven in ten large UK charities have experienced cyber security breaches in the last 12 months. Charities are exposed to further online risks. Around three in ten enable people to donate online (31%) and just under three in ten allow beneficiaries to access their services online (27%). 

This is especially true of larger charities (53% of charities with an income of £500,000 or more let people donate online, and 49% enable beneficiaries to access services online). 

Organisations of all sizes, and a substantive majority of large businesses and charities in particular, have been breached or attacked. Those with more potential risk factors are also among the most likely to experience cyber security breaches or attacks. 

The Cyber Security Breaches Survey 2018 carried out by Ipsos Mori on behalf of the Department for Culture, Media and Sport, found that large charities are often exposed to greater cyber risks than businesses.
This is because over half (53%) of them allow people to donate online and just under half (49%) enable beneficiaries to access services online.

Of the large charities that had identified breaches or attacks, 37% needed new measures to prevent or protect against future breaches, 40% used additional staff time to deal with breaches and 28% said that breaches had stopped staff carrying out day-to-day work.

Breaches were more often identified among organisations that hold personal data or where staff use personal devices for work.

The survey found that the use of personal devices was much more prevalent in charities (65%) than in businesses (45%).
Only half (53%) of all charities said that cyber security was a high priority for their organisation’s senior management and just a quarter (24%) had trustees with a specific responsibility for cyber security.

Only two in ten charities (21%) said they had a cybersecurity policy or policies and just 8% said they had a cyber security incident management process in place. 

The quantitative survey finds that two-fifths (38%) of businesses and just over two-fifths (44%) of charities are aware of GDPR (at the time of fieldwork in winter 2017). Of these, 13 per cent of businesses and nine per cent of charities had amended their cyber security policies or processes specifically in preparation for GDPR. 

Sheila Pancholi, a technology risk assurance partner at auditing firm RSM, said: “This survey very clearly shows that charities are incurring considerable cost and disruption from cyber security breaches, yet there appears to be a degree of complacency when it comes to preventing and responding to cyber-attacks.

‘There is much more that charities need to do when it comes to raising staff awareness through training, identifying and managing cyber related risks and adopting good-practice technical controls. Cyber security must be made a Board level issue to ensure it gets the required level of focus.

‘It’s particularly interesting that the survey found that cyber breaches are more prevalent when staff are allowed to use their own personal devices for work. This is an area of particular risk for charities and one that we have been warning our clients about for some time.

“Personal devices should be managed and controlled via a formal bring your own device policy will includes ensuring that controls applied to systems which are managed and owned by the charity are also consistently applied to personal devices which staff want to use for work related purposes.

“This is ever more important given the impending 25 May deadline for GDPR coming into force to strengthen personal data governance. The reality is that (like all organisations) charities are only as strong as the weakest link in their network.”
Cyber Insurance 

A small minority of businesses and charities say they have a specific cyber security insurance policy (nine per cent and four per cent respectively). 

This was more common among businesses in the finance or insurance sectors (20%), and among medium (19%) and large businesses (24%). Among charities, cyber insurance is more common among high-income charities (20% among those with incomes of £500,000 or more). 

Among the organisations without insurance, the most common reason given for not taking it up is that they do not consider themselves at enough of a risk to warrant it (41% of the businesses and 53% of the charities without insurance). 

ThirdForceNews:           DCMS

You Might Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

Cyber Insurance Report 2017 - 2018

BYOD Security Is Critical For Business:

 

« Three Ways That Automation & Machine Learning Are Changing Data Centres
Canadian Tech Used To Censor The Internet »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tech Industry Forum (TIF)

Tech Industry Forum (TIF)

Tech Industry Forum is a not-for-profit, membership driven trade body. We bring together end users and some of the UK’s leading cloud, software, platform, infrastructure, and service providers.

Security Mentor

Security Mentor

Security Mentor provides innovative, online security awareness training designed for how people learn and work.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) handles security incidents on forskningsnettet, the National Research and Education Network (NREN) in Denmark.

RKH Specialty

RKH Specialty

RKH Specialty, part of the Hyperion Insurance Group, is a provider of specialty insurance services including Cyber Risk cover.

DirectDefense

DirectDefense

DirectDefense is an information security services and managed services provider.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (formerly iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

United Biometrics

United Biometrics

United Biometrics is an anonymous and real-time authentication platform designed to stop the fraud for mobile payments, e-Commerce and applications.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

Secureframe

Secureframe

Companies from startups to enterprises use Secureframe to automate SOC 2 and ISO 27001 compliance, complete audits, and continuously monitor their security.

Cloudsec Asia

Cloudsec Asia

Cloudsec Asia is Thailand's top-ranked cybersecurity consultant company. We offers security services to ensure that all your IT assets are reliable, accessible, and secure.

Thunder Shield Security

Thunder Shield Security

Thunder Shield is a professional cyber security service provider of penetration test, source code review and security assessment services.

Databarracks

Databarracks

Databarracks deliver award winning IT resilience and continuity services. We help organisations get the most out of the cloud and protect their data, wherever it lives.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

Whalebone

Whalebone

Whalebone develop user-centric, no-installation network security products for telcos, internet service providers, enterprises, public institutions, and governments.

FatPipe Networks

FatPipe Networks

FatPipe’s network optimization solutions along with robust native security and SASE-based protection provides organizations all they need for super network performance and security.