The National Cyber Security Centre (NCSC) has issued a warning to UK charities that hackers could target them.
Charities that help carry out government initiatives within foreign countries are those deemed to be the most vulnerable to cyber attacks, according to GCHQ.
The warning aims to make charities that teach or invest time in projects overseas more aware of the threats posed by cyber criminals in those countries.
The NCSC has said charities’ ‘culture of openness’ has made them more vulnerable to cyber-fraud and extortion than any other organisation.
According to The Times, an assessment said: “Some charities operate through local partner organisations in the UK or overseas. Others play a role in helping formulate and deliver UK domestic and foreign policy. Threat actors may be able to access UK-based charity systems through linked branches or projects in other countries where the security culture may be less stringent than in the UK.”
The threats to charities include insiders, who could pass on credentials to attackers or steal data. For example, those who used to work at the organisation could have retained information for access to systems and could easily pass this on to others.
The NCSC has outlined that the biggest threat to charities comes from cyber criminals driven by financial gain. By accessing sensitive data, such criminals could have a significant impact on a charity's ability to deliver services.
In an attempt to address these concerns, the NCSC has published a ‘small charity guide’ outlining steps charities can take to protect themselves from cyber attacks.
Within its assessment, the NCSC said: “Some charities are aware their data is sensitive, valuable and vulnerable to malicious cyber activity. We believe many, particularly smaller charities, do not realise this and do not perceive themselves as targets. Charities are falling victim to a range of malicious cyber activity, but the scale of this activity is unclear due to underreporting.”
The guide's steps focus on backing up data efficiently, using strong passwords, avoiding phishing attacks, such as those sent by email, and doing more to protect systems against malware.
Experts in the security industry have expressed their concerns over charities being attacked, warning they must do more.
“Charities need to do more to educate their staff and ensure they dedicate enough time and resources as any other organisation would to improve their cyber-security and protect their assets,” David Emm, Principal Security Researcher at Kaspersky Lab, said.
“Charities are a big target for cybercriminals because they have valuable data, including personal information, which is of huge value to attackers. It can also result in the loss of funds, affect a charity’s ability to help those in need and damage its reputation. It is important that charities realise they have a responsibility to implement procedures for recognising and responding to these threats, particularly because of the vast amount of personal and financial information that they hold.”
The NCSC has deemed charities much more vulnerable than any other sector. However, the charity sector is of course not the only one affected by cyber attacks: the banking and healthcare sectors have also seen a number of threats aimed at them.
Sarah Armstrong-Smith, Head of Continuity & Resilience at Fujitsu UK & Ireland, said: “While the NCSC assessment is focused on the charity sector specifically, all organisations in the public or private sector, no matter what shape or size, are vulnerable to a cyber-attack. Companies need not only be concerned with protecting their data, but the entire operation of a company itself.
“While continued investment in technical and security controls is paramount, with employees on the front line of this battle, upskilling staff and making them more cyber aware is one of the most cost-effective ways of reducing the probability and impact of human error.”
If charities adopt the suggestions from the NCSC, it could help prevent such extreme consequences, better protecting them and their sensitive data.