The Cyber Security Breaches Survey 2023, published by the Department for Digital, Culture, Media and Sport, has revealed that 24% of charities have identified breaches or attacks in the last 12 months. Shockingly, the report also revealed that 19% are identifying attacks taking place once a month.
The report highlighted that charities are being targeted most by phishing attacks, with 83% saying they had identified a phishing attack in the last 12 months. Phishing involves attackers trying to con recipients into giving away personal details or passwords through emails and text messages.
Other alarming key figures highlighted by the survey were:
33% of charities said they are insured against cyber security risks.
Only 11% of charities surveyed said they had reviewed the risks posed by their immediate suppliers.
Just 55% of charities have a password policy. Having a secure password is one of the strongest and simplest ways to prevent cyber attacks.
Only 17% of charities said they had trained staff on cybersecurity. Unprepared staff are at a heightened risk of being unaware when working from home, returning to the office or starting a new job.
Did you know that website compromises are one of the most common forms of cyber attacks on charities?
One not-for-profit organisation in the South East, which provides support services to children and young people, suffered this unfortunate situation when it was targeted by cyber criminals.
The organisation was notified by the security settings within its website that an unverified user had attempted to log in to the website. Thankfully, the organisation had the right settings in place to alert it to attempted unauthorised access, and it was provided with guidance and services to secure its website further.
While it is tempting to think cyber-attacks only happen to high-profile, high-turnover businesses and charities, research shows that regardless of the size and complexity of your organisation, anyone can be targeted.
So, why is the charity sector particularly vulnerable to cyber-attacks?
The charity sector faces the same cyber risks as private sector and government organisations, but there are some reasons why charities could be particularly vulnerable to cyber-attack:
Charities are attractive targets for many hostile actors seeking financial gain, access to sensitive or valuable information, or to disrupt charities’ activities
Charities may feel reluctant to spend resources, money, oversight and staff effort on enhancing cyber security rather than on front line charitable work
Charities are less likely than businesses to employ technical cyber security controls (DCMS Cyber Security Breaches Survey 2022, 4.4).
Charities have a high volume of staff who work part time, including volunteers, and so might have less capacity to absorb security procedures
Charities are more likely to rely on staff using personal IT (Bring Your Own Device), which is less easy to secure and manage than centrally issued IT.
Head of Cyber and Innovation for the South East, Detective Inspector Chris White, said:
"Charities often run on the trust and confidence of their supporters for the money they raise. Whilst it’s hard to believe that anyone would target a person who is trying to raise money for a good cause, sadly cyber criminals are ruthless and do not care about the victim.
"There are some simple measures that not only safeguard you, but protect your systems as well. Many people don’t know these facilities exist and just need help with the activation. The example really highlights how a simple measure protected what could have been a huge disruption not only to the charity but those who rely on their provisions in times of crisis.
"Charities can help keep their supporters from falling victim by providing the right guidance and that’s where The South East Cyber Resilience Centre can help. We offer a free membership that is specifically designed to help to protect small companies and charities in the region from cyber-crime.
"We also offer Security Awareness Training for charities that will provide employees, trustees, board members and volunteers with simple and effective knowledge and tips to help them to understand their working environment and provide them with confidence to challenge when something doesn’t look right."
We recently worked with a South East based charity, The Thames Valley Partnership, to improve their cyber security via our training. You can discover the case study here.
Please contact us today to hear more about our security awareness training and how we can help your charity to become more cyber secure.
Take immediate steps to help secure your charity today
To help you keep on top of important security measures and keep your data out of the hands of hackers, we’ve developed a simple security checklist to help secure your data.
Download it, here.