NGOs are often the victim of cyberattacks, with over 50% of NGOs reporting being targeted, and 86% lacking cybersecurity plans. But why are NGOs attacked online?
As organizations whose primary role is the distribution of aid and raising awareness of the needs of vulnerable populations, cyberattacks can have a crippling impact on NGOs’ ability to function and respond to a crisis. Such attacks put huge pressure on their limited resources. They not only prevent an NGO from fulfilling its mission in the short-term, they can also inflict long-term reputational damage and undermine the confidence in its ability to fulfil its role in current and future crises and emergencies. As a result, donors and beneficiaries of aid may lose trust in the NGO and withdraw support.
Prevention better than the cure
Most cyberattacks exploit known or basic vulnerabilities that can easily be prevented by taking simple precautions. Black hat hacking is in many respects a sophisticated form of burglary. Just like a break-in, it’s often simple carelessness that lets an intruder in the door. The simplest and most basic precautions can prevent a breach. Over 50% of NGOs have already partially developed cybersecurity frameworks and have introduced awareness training for their staff. However, lack of resources may mean many organizations are unable to employ dedicated staff toward comprehensive cyber protection, which explains why NGOs are attacked online.
Our CyberPeace Builders and our CyberPeace Café offer support and shared resources for NGOs to help you prepare for, prevent, and recover from cyberattacks. We look forward to working together and building solutions to combat this growing threat!
A common cyberattack used against NGOs is fraud often combining spearfishing and identity theft to trick NGOs into making wire transfers.
In one example, this caused the NGO Roots of Peace a total loss of US$ 1.3 million in 2020. They are an NGO with a mission to transform agricultural land riddled with landmines into sustainable agricultural farmland in countries such as Afghanistan.
Known as CEO Fraud, this is a cyberattack scheme in which cybercriminals fake company email accounts and impersonate executives or trusted employees with the goal of tricking them into executing unauthorized wire transfers of money.
Cybercriminals disguise themselves as trustworthy individuals and create stories which victims believe.
This is what happened to Roots of Peace. It could have led to the end of their humanitarian operations. Luckily, for the ordinary people they help, Roots of Peace found a way to carry on.