Cost-of-living: rising cyber threats

Many people are finding it increasingly difficult or impossible to pay for essentials like food, clothing, and heating, because their wages are not keeping pace with rapidly rising prices. This cost-of-living crisis is unlikely to ease until inflation – currently around 10% - begins to go down and wages start to catch up.

 

It’s not just individuals that are affected by the cost-of-living crisis. It’s having a very tangible effect on charities as well. That’s because many charities are finding their incomes squeezed as donors cut back on charitable giving.

 

Many can no longer afford to make donations at the same level – or even at all. Charities are also experiencing higher energy bills, higher costs associated with service delivery, and very understandable requests for increased wages from their staff to help them cope with the crisis.

 

 

Cutting costs

 

In the face of this bleak economic outlook, it’s not surprising that many charities are looking to cut costs by eliminating any spending that’s not absolutely necessary for the continued provision of help to the charity’s service users. And one area in which charities may be tempted to cut spending is cyber security.

 

Cyber security costs always look like potential targets for spending cuts because it is difficult to quantify exactly what benefits cyber security measures bring. If they successfully keep a charity safe from cyber criminals, it is not obvious what cyber-attacks they helped to defend against, and what the cost would have been had the cyber-attacks been successful.

 

 

Neglect cyber security at your peril

 

But there are two very strong reasons why it is important for your charity not to be tempted to neglect cyber security during the cost-of-living crisis, despite the costs associated with it.

 

 

Threat levels are high

 

The first is the sheer level of cyber threats that charities and other organisations face. In the past year the vast majority – 81%, to be precise – of UK organisations experienced at least one successful cyber-attack, according to the 2022 Cyberthreat Defense Report. 83% also believe that a cyber-attack is more likely than not to occur in the coming twelve months. And according to a Department for Culture, Media and Sport (DCMS) report, 26% of UK charities claimed to have been targeted by cyber criminals at least once a week.  

 

The cost of a successful cyber-attack can also be high – for large organisations the financial costs can easily exceed £1 million per incident. The cost of loss in trust and loss of reputation can also be very high: 50% of small to medium sized organisations that suffer a major cyber security breach cease to exist within six months.

 

 

Cyber criminals are circling

 

The second reason is that cyber criminals use crises to their advantage to prey on people and organisations that are affected. During the COVID-19 crisis, many criminals sought to tempt people in to clicking on malicious links or downloading malicious software by purporting to offer health advice or vaccination appointments. And a new publication from the Office of National Statistics is already reporting that cyber criminals are exploiting the cost-of-living crisis for their own ends.

 

In the two weeks to August 5, 2022, the National Cyber Security Centre received more than 1500 reports about scam “phishing” emails pretending to be about energy rebates from Ofgem. These messages evolve over time and may encourage individuals or organisation to apply for “cost-of-living payments” by providing bank account details, to download a document outlining benefits that are available, or to click on a link for more information.

 

Of course, all of these messages are designed to do one thing: help the cyber criminals commit their crimes. Clicking on a link could result in downloading ransomware which could infect all of your charity’s computers. Providing bank details could result in a more sophisticated financial scam. And downloading a document could result in malicious software such as a trojan or key logger being installed, leading to many different types of malicious activity.

 

 

What charities can do to defend themselves

 

In terms of cyber-attacks that attempt to take advantage of the cost-of-living crisis specifically, there are a number of things that your charity can do:

 

 

Communicate the risk

 

Ensure that your charity staff are aware that they are likely to receive scam texts, calls and emails which purport to provide support. Ask them to be on the watch for them, and make sure that they know who they can contact in your organisation if they think that they may have fallen victim to one.

 

Four rules to follow are:

• Hang up on suspected scam calls immediately
• Delete texts asking for personal information or bank details. Do not reply to them
• Never click on links or respond to unsolicited texts or emails
• Never transfer money at the request of a person or organisation you do not know, and verify – ideally by phone call – before following instructions to transfer money from someone you do know

 

Defend your computers

 

Ensure that all your staff are running endpoint security software on their desktop and laptop machines. It may also be worth investing in software that is specifically designed to combat ransomware, although most endpoint security software has some measure of ransomware protection built in.

 

 

Support your staff

 

There are a number of things you can do to help your staff cope with the cost-of-living crisis. Staff that are well supported are less likely to fall victim to cyber criminals through desperation. Things to consider include pay rises, one off bonuses, salary sacrifice, and income streaming.

 

In general terms, the most important thing to remember is that the security threat level has risen, not fallen, due to the cost-of-living crisis. That means that it would be unwise in the extreme to consider cutting back on cyber security measures in order to try to save money.

 

To get a better idea about whether your charity is adequately protected from cyber threats, take a look at our guide to doing cyber security the right way.