Warnings about criminals taking advantage of charities and public generosity during times of hardship
Charities have been issued with fresh advice on the emerging threats to their vital work from cyber attackers and the steps they can take to protect themselves.
The National Cyber Security Centre's (NCSC) latest Cyber Threat to UK Charity Sector report outlines the key threats charities face in 2023 and beyond.
It reflects the ongoing threat to the sector as more charities run services and fundraising online and highlights how the sector is particularly attractive to attackers seeking financial gain.
The report provides case studies showing how disruptive and costly incidents can be, including a ransomware attack on the Edinburgh Festival Fringe Society costing £95,000.
It also warns about the threat from cyber criminals taking advantage of public generosity during times of hardship by masquerading as charities to receive donations. This has been observed recently following the Russian invasion of Ukraine.
Charities are encouraged to follow the NCSC’s guidance to help improve their cyber resilience and sign up to free Active Cyber Defence tools to help mitigate the highlighted threats.
NCSC chief executive Lindy Cameron said: “The UK’s charities are doing fantastic work every day, and digital services and online fundraising are now playing a crucial role in this.
“While it is right that technology should play a part in helping charities, this does open up the possibility of cyber attacks and it is important they understand the risks.
“The NCSC is here to help and I urge all charities to reduce their vulnerability by reading our latest report, following our guidance and making use of the tools available to them.”
The report aims to highlight the overarching cyber threats to the sector and equip UK charities with the information they need to take action and boost their cyber resilience. It outlines how charities are vulnerable to the same cyber risks as commercial businesses but might be seen as attractive targets.
The key threats for charities to stay vigilant against include phishing, ransomware, business email compromise and fake organisations and websites.
Charities are also eligible to take up some services offered as part of the NCSC’s Active Cyber Defence (ACD) programme. This includes free tools and services, including Web Check, Mail Check and Exercise in a Box.
Organisations looking to ensure they have baseline cyber security protections in place should consider taking up Cyber Essentials, a government-backed certification scheme, to help mitigate the majority of cyber attacks.
Smaller organisations in the charity sector can now access free support with putting these controls in place under the new Funded Cyber Essentials Programme, which the NCSC launched last month. More information can be found on the NCSC website.