In April 2022, Insecurity Insight, a humanitarian NGO that examines the threat landscape of dangerous environments received a string of malicious links and pornographic material through their personal devices and organizational systems.
After the heinous attack, we follow up with the co-founder of Insecurity Insight, Christina Wille to delve into her experience against the cyberattack with the support of the CyberPeace Institute.
At the time of the attack, we no longer felt in control of our information and means of communication. It was unsettling to learn someone had gained access to our internal system and perhaps read everything we were writing.
We did not know who to turn to for professional help until we learned about the services provided by the CyberPeace Institute. The CyberPeace Institute staff were extremely responsive. They took all our concerns seriously and helped us to check several technical details. They were holding our hand as we found our way through the crisis. Having someone available to advise was invaluable in what for us was a previously unknown situation.
Once the crisis was over, the CyberPeace Institute continued to provide support through their volunteering program that bridges experts in cybersecurity with humanitarian NGOs, the CyberPeace Builders. The Builders carried out an audit of our system and helped us to develop a response plan.
Since then, we have been receiving help to strengthen staff awareness and improve our settings and general practices. Receiving such hands-on technical help has allowed us to implement additional security measures that we didn’t know existed. We have learned a lot in a very short period of time and feel much better equipped to operate in a changing work space where there are real online risks.
NGOs have to take cybersecurity more seriously. We used to falsely assume that because we physically work from what feels like a very safe space that we were secure, however, this does not necessarily extend to our online existence. There are no borders on the internet and no cyber police force patrolling the space. We are potentially vulnerable to risks from anywhere. The internet is also changing how we work, and that means that we have to adopt appropriate practices to be true to our humanitarian principles of not to do harm. Cybersecurity is a duty of care towards our staff and the people we serve with our work.
The CyberPeace Institute has been a mentor to us. CyberPeace staff are advisors who we can rely on in a crisis. We feel that we can trust the CyberPeace staff to provide us with objective and appropriate advice that help us build our long-term cyber security capacity. There are many cybersecurity advisors out there but for us, the CyberPeace Institute stands out because they are free and trustworthy and understand the reality and needs of not for profit organizations.
Some cybersecurity experts are very expensive and hard to afford for NGOs. In particular, as NGO internal budgeting rules may mean that there has to be planning before a cybersecurity expert can be commissioned to provide advice. This can make it hard to find the funds to access advice in a crisis that wasn’t planned for. There are other free cybersecurity services but there is always the question why the service is free and if they may intend to sell a specific solution through their free services. The CyberPeace Institute support is free and they provide excellent advice on many free solutions allowing NGOs to scale up cybersecurity without necessarily increasing the security budget. The CyberPeace Institute is truly focused on the needs of NGOs and this means that the suggested solutions are workable.
Christina WILLE, Director of Insecurity Insight.
Insecurity Insight is a member of the CyberPeace Builders community.