Hackers Targeting UK Charities
March 05, 2018
DEVIOUS tricks to defraud small charities through online attacks have been exposed in the first ever threat assessment for the sector, along with guidance about how to defend against possible risks.
The work by the National Cyber Security Centre (NCSC), a part of GCHQ, will give the sector more help than ever before to defend itself from the most common cyber attacks.
There are almost 200,000 charities registered in the UK and the NCSC’s Cyber Threat Assessment reveals how their valuable funds, supporter details and information on beneficiaries is being targeted.
Alongside the assessment, the NCSC has also published the Small Charity Guide to outline easy and low-cost steps to protect from attacks. It includes expert advice that is particularly useful for small organisations on backing-up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks.
Alison Whitney, Director for Engagement at the NCSC, said:
“The National Cyber Security Centre is committed to supporting charities and we strongly encourage the sector to implement the advice outlined in our guide.
“Cyber attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.
“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets, and reputation.”
Writing in the foreword to the Small Charity Guide, NCSC CEO Ciaran Martin said:
“I am extremely proud to present this cyber security guide for charities, who are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity.
“The National Cyber Security Centre aims to make the UK the safest place to live and work online.
“We are committed to supporting the charity sector and we encourage you all to implement the quick and easy steps outlined in this guide.”
The report finds that cyber criminals motivated by financial gain are likely to pose the most serious threat, which could have a paralysing effect on a small charity’s ability to deliver their services. One example listed details how a UK charity lost £13,000 after its CEO’s emails were hacked to send a fraudulent message instructing their financial manager to release the funds.
The assessment notes that the scale of cyber attacks against charities is unclear due to under-reporting and charities are being urged to report such crimes to Action Fraud and the Charity Commission.
Charities have also been encouraged to join the NCSC’s free Cyber Information Sharing Platform (CiSP) to exchange threat information in a secure and confidential environment.
The assessment and report have been well received by the sector, with heads of influential bodies praising the NCSC’s work.
Helen Stephenson Chief Executive of the Charity Commission for England and Wales, said:
“Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber crime for criminal purposes or personal gain is particularly damaging and shocking.
“The threat assessment confirms what we often see in our casework - unfortunately charities are not immune to fraud and cyber crime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.
“We fully endorse the National Cyber Security Centre’s guide on cyber security for charities. This will be a valuable resource to help charities protect their work, beneficiaries, funds and reputations from harm and we encourage charities of all sizes to make use of it.”
Pauline Broomhead CBE – CEO, Foundation for Social Improvement, said:
“This guide will give leaders in smaller charities confidence that they are taking the necessary steps to protect their charity. It is an excellent guide and we intend to make sure our members are fully aware of the valuable information it contains.”
Sir Stuart Etherington – CEO, National Council of Voluntary Organisations (NCVO), said:
“Awareness and knowledge about cyber security continue to differ among charities, but it is important that all charities protect the data they hold from cyber crime. That is why this guide for charities is so welcome - it will help trustees and those working in charities understand what the threats are, and what steps they need to take to minimise the risk of a cyber attack.”
Mandy Johnson, CEO of the Small Charities Coalition, said:
“The Small Charities Coalition welcomes this initiative by the National Cyber Security Centre. As a Coalition we are proactively encouraging small charities to make more use of digital technology, so the timing of this guidance is especially helpful.”
The UK Government is fully committed to defending against cyber threats and address the cyber skills gap to develop and grow talent. Its behavioural change campaign for cyber security, Cyber Aware, promotes simple measures to stay more secure online.
The Cyber Aware Perceptions Gap Report has also been published today, demonstrating common misconceptions that are preventing people from protecting their online security.