The UK’s NCSC have just released their latest threat report Phishing and Ransomware amongst biggest threats to the charity sector. The new report outlines the growing threat that charities face, and how they can become resilient to cyber attacks.
Phishing, and more specifically Spear phishing, is the tool of choice by most cyber gangs to breach an organisation to launch a ransomware attack. As we have seen from this year’s annual statistics (https://www.blackfog.com/2022-ransomware-attack-report/), ransomware continues to break new records each month and ended 2022 with an all-time record number of attacks, a 29% increase over 2021.
We have seen specific sectors such as education and government become the most targeted. Charities fall into the same category because they are seen as low hanging fruit without the adequate resources for protection, both in terms of skilled cyber professionals as well as cybersecurity technology. Since the goal of any attack is to breach an organisation and steal valuable information, charities pose a very high risk as they are gatekeepers to many high net worth individuals details which can be leveraged for extortion. This is similar to the way such individuals were targeted from an attack on Daylesford in the UK last year, where high net worth individuals details were leaked online. Like any organisation, charities need to look carefully in how they are protecting their data and what they are doing in terms of Anti Data Exfiltration generally.