A warning from the government and the Charity Commisison has gone out to charities that they must redouble their efforts to protect their data against cyber attacks. The warning comes following a report commissioned by the department for Digital, Culture, Media and Sport, revealing a general lack of risk awareness among the 30 charities polled.
Some charities were of the opinion that cyber threat was an issue that had more to do with businesses than themselves. The survey also revealed a lack of internal staff with the relevant technical skills to deal with the risk. If an individual had been tasked with the responsibility for maintaining cyber protection, it was usually performed by someone with a different role, and usually alongside numerous other responsibilities.
Complacency isn’t an option when it comes to protection from cybercrime. The worldwide ransomware attack known as Wannacry famously hit the NHS. At least 40 hospitals run by 24 trusts were affected, but as computer science professor Alan Woodward explained, the NHS was, on the whole, well prepared. Patches to protect against ransomware were available within the NHS, but some trusts had not applied it to their systems, making them vulnerable.
The basic practice of updating passwords and reviewing firewall rules can often be all that is required to avoid some attacks, but with an already under-resourced and overworked workforce, cyber-vigilance in the NHS can be in danger of becoming de-prioritised and under-funded. The same problems were found with charities, according to the DCMS report, which highlighted that delivery and fundraising pushed cyber security aside, meaning that even training staff in basic systems protection rarely took place.
One solution on offer is to install file integrity monitoring software from cyber security experts such as https://www.promisec.com/file-integrity-monitoring-software/. While files on a system are changed by users working on their desktops, core files shouldn’t change, and it’s the monitoring of this type of file which can identify threats before they have a chance to occur.
The chief executive of the Charity Commission, Helen Stephenson, warned that the damage a potential cyber-attack can wreak cannot be ignored, and advised charities to follow the advice given on the Charities Fraud website. The government is developing a support programme along with the National Cyber Security Centre and the Charity Commission.