In short, Cyber Risk is the risk all organizations face today from cyber criminals, opportunists or ‘bad actors’ when they are connected to the internet. Virtually every single organization today is connected to the internet in some way - even with just a website and the ability to send emails - hence every organization has some level of Cyber Risk exposure.
Whilst we will not delve into the technicalities of Cyber Risk here, this is an opportunity to provide some vital context and to illustrate what the real-world impacts could be on any Charity, as this is often the difference between simply knowing about an issue and taking action.
When it comes to the Charities sector in particular, the need for Cyber Risk Management becomes critical.
Highly regarded InfoSec professional Glen Hymers, current Head of Data Privacy & Compliance and Information Assurance at The Cabinet Office and former Global CISO and Head of Data Protection at Save The Children, has this advice for Charities:
“Charities are reliant on funding from both individuals and potentially government sources. To ensure that the trust is maintained, Cyber Security is a key enabler.”
Charities are a trusted partner to their donors and a vital provider of a whole range of support and services to those in need, often with very limited budgets and a significant lack of Cyber expertise in-house. This makes them in many ways the perfect target for Cyber Crime, so it is vital that your Trustees, Board Members, Senior Executives and all of your team members are aware of the risks, understand the potential impacts and are able to maintain constant vigilance.
Consider the following ‘Anatomy of an Attack’ - taken directly from a UK based Charity and an experience within the last 12 months:
How would Cyber Risk Management prevent this?
This process is commonly referred to as Business Email Compromise, and is estimated to have cost the global economy at least $43 billion since 2018. In reality this figure is likely far higher, as it counts only incidents that were actually reported to authorities, but it goes to show that Cyber Risk is actually a whole spectrum of risks, not just ‘Hackers’ trying to gain access to a network.
The sobering truth is that 96% of successful Cyber incidents or Data Breaches now involve some form of Human intervention (Verizon Data Breach Report 2020), and attackers are targeting people as well as internet exposed assets.
A Cyber Risk Management program can help provide vital situational awareness in terms of your specific Charity’s actual exposure to Cyber Risks. It can help provide actionable intelligence – the information that is critical to actually doing something to reduce your risk exposure. It can educate your team members on what to look for in their communications and day to day activities which may contain ‘red flags’ that signify malicious activity. This can range from simple checking of spellings right through to implementing specific policies and the necessary checks and balances required for handling digital payments.
The Risk of compromise has been increasing exponentially in recent years, but exploded in 2020 during the COVID-19 Pandemic and the rush to enable home working. For the vast majority of Charities, the focus has understandably been on maintaining productivity, not on security, and this has created a perfect storm for Attackers.
This constantly evolving threat, which has a real-world adversary who is able to automate almost all of their attacks to achieve massive scale, means that Cyber Risk Management must be similarly dynamic and evolving. Traditional, legacy approaches like classroom-based Training or one-off Penetration Tests are simply no longer sufficient. Therefore it is vital that Charities equip themselves with dynamic and above all continuous solutions to help them address this critical, constantly changing and rapidly increasing risk.
Given the lack of expertise and often limited budgets available, SaaS platforms that automate the monitoring, alerting and improvement of Cyber Risk Management across an organization are the most effective and affordable way for Charities to reduce Risk, and many Charities are beginning to see the value and the need for this.