[BreachExchange] Charities Are Vulnerable To Severe Cyber Attacks

Tue Mar 20 18:59:25 EDT 2018

https://www.cybersecurityintelligence.com/blog/charities-hit-by-severe-
cyber-attacks-3226.html

The UK’s charities could be at risk from a series of devastating
cyber-attacks, intelligence officials from the National Cyber Security
Centre have warned.

With around 200,000 charities registered in the UK, each one contains vast
amounts of personal data and payment information on those that support
them. This in turn makes them a huge target for the next wave of
cyber-crime and potentially breaking the coming GDPR law.

In one case a charity lost £13,000 after its chief executive’s email was
hacked. In a new report, experts at the centre, which is part of
intelligence agency GCHQ, said charities are falling victim to a range of
malicious activity, although the scale is unclear because of
under-reporting.

The report said: “The NCSC believe there is considerable variation in
charities’ understanding, approach to and application of cyber security".
Some charities are aware their data is sensitive, valuable and vulnerable
to malicious cyber activity. Fraud aimed at tricking employees with
financial authority into transferring money is increasing, according to the
report.

It highlighted one episode in which a charity lost £13,000 after the email
of its CEO was hacked and a fraudulent message sent to its financial
manager with instructions to release the funds.

Datasets containing personal details and financial information are an
attractive target for criminals, the study noted. It said:

“Charity datasets may contain personally identifiable information of
donors, trustees, patrons, partners, paid staff and volunteers.

“Some large charities hold several million donor records. The data may also
include payment details relating to donations including card details.”

While cyber criminals are assessed as posing the greatest threat to the
sector, charities are also seen as potentially attractive targets for
nation states who “oppose or mistrust their activity”.

Alongside the threat assessment, the NCSC has published a guide outlining
steps charities should follow to guard against attacks. They include advice
on passwords, backing up data and protecting systems from malware.

NCSC director for engagement Alison Whitney said: “Cyber-attacks can be
devastating both financially and reputationally, but many charities may not
realise how vulnerable they are to the threat.

“That’s why we have created these quick and easy steps that will help
charities protect themselves to protect their data, assets and reputation.”

Helen Stephenson, chief executive of the Charity Commission for England and
Wales, said: “Charities play a vital role in our society and so the
diversion of charitable funds or assets via cyber-crime for criminal
purposes or personal gain is particularly damaging and shocking.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180320/49d6ac2d/attachment.html>