In 2017, almost half of all businesses found themselves at the receiving end of a cyber attack.
Whether it’s holding files to ransom or stealing substantial amounts of personal data, cyber criminals are constantly changing their tactics to seek out unsuspecting people.
As a charity, you have databases filled with the personal details of donors, volunteers, service users and stakeholders. All of this information is of value to someone; it’s not just credit card details that hackers want. Any stolen data can be sold on the dark web, where a full record is worth approximately $28, health records can be sold for $2.50 each and credit card information earns around 25 cents.
In November 2017, insurance provider Ecclesiastical interviewed members of the charity sector to discover what the biggest impact of a data breach would be. 77% of charities said that a loss of data is their biggest worry. With many databases having been cultivated over several years, information lost may never be fully recovered.
A successful cyber-attack can be painful and costly for charities. In July 2017, Bury Hospice fell victim to a sophisticated cyber-fraud which took £235,000 from its bank account. However, the risk is more than just financial. Whether it’s damage to your reputation, or your vital services are brought to a halt, the consequences can’t be measured in monetary terms alone.
IT Lab's specialist cybersecurity team is experienced in working with a wide range of charities. Our experts deliver a range of services and solutions including:
- Penetration Testing - simulates how a real-world attack might unfold and what the consequences could be.
- Managed Assurance Service - comprising of several flexible elements to manage and minimise your cyber risks.
- Security Operations Centre (SOC) - protective monitoring, threat detection, rapid response and remediation.
- Security policies and compliance management.
- Cybercrime staff awareness and prevention training.
A report commissioned by the Department for Digital, Culture, Media & Sport revealed that while some charities believe in the importance of keeping on top of the latest cyber security threats, many mistakenly take the view that the private sector is more likely to be targeted and that they are less at risk.
The report also showed that few charities train their staff in how to identify and deal with cyber security threats: "Across interviews, it was uncommon to find charities that had provided cyber security training to any of their staff or volunteers."
In January 2017, a US cancer charity found themselves locked out of their financial data and files after clicking a phishing email. The hackers demanded a Bitcoin ransom for the return of the information, but this was not guaranteed. As the data did not contain sensitive details, the charity decided to rebuild their files - a process which took many months. A similar attack globally - the infamous WannaCry ransomware - resulted in the shutdown of many computer systems, including some NHS trusts.
Attacking a charity which provides a service to those recently diagnosed with cancer proves just how undiscriminating cyber criminals can be and underlines the need for the sector to have solid defences against cyber attacks.
To discuss your cybersecurity concerns and the flexible options available - from Penetration Testing to 24/7 monitoring and threat detection services - click here to contact us. Our helpful experts would be glad to work with you.