Cyber security horror stories at Halloween

With ghouls, ghosts, and witches roaming the streets, Halloween is the time for light-hearted horror stories. But there are many other horror stories that are far more disturbing: horror stories about charities and other organisations that fall victim to cyber criminals. And the reason they are disturbing? Because, like the best ghost stories, they are true.

Cyber security breaches are, in fact, almost inevitable for charities of all sizes. In the seven months from March to October 2020, nearly 700 charities fell victim to fraud or cybercrime, amounting to £3.6 million in total losses, according to the Charity Commission.

And in total just over a quarter (26%) of charities admitted that they had suffered a security breach in the past year, according to the Cyber Security Breaches Survey published by the Department for Digital, Culture, Media and Sport.

In this article, we will look at some of the scariest recent cyber security horror stories and offer some advice about how you can stay safe and secure.

Cloud compromise

One cyber crime horror story relates to Blackbaud, the South Carolina-based software company that offers software services such as its cloud-based Raiser’s Edge fundraising application to charities.

When cyber criminals broke into Blackbaud’s systems, the outcome created some issues. That’s because if cyber criminals break into a charity’s computer network, there’s a chance that that charity’s data will be compromised.

But when cyber criminals break into a cloud-based service, there’s a good chance that many, or even all, of its customers’ data will be compromised.

And that’s what transpired at Blackbaud. More than one hundred UK charities including the National Trust, Crisis, and Sue Ryder reported security incidents to the Charity Commission as a result of the Blackbaud breach.

The incident highlights the fact that nothing is 100% secure. Charities are often told that cloud service providers have more staff and resources dedicated to security than a charity could possibly afford, so they are likely to be more secure. While this is undoubtedly true, what’s clear is that they does not guarantee perfect security.

Multi-million-dollar ransomware attacks

Many charities have severely limited resources to devote to cyber security, but even large commercial organisations with sizable security budgets are highly vulnerable to ransomware attacks.

Take the case of Colonial Pipeline, a billion-dollar American oil transport company that carries petrol and jet fuel around the south-eastern United States. In May 2021, the company suffered a ransomware attack which infected systems used to manage its pipeline, bringing its fuel network to a standstill.

The company felt it had no choice but to pay a 75 Bitcoin ransom (worth almost $4.5 million) to get its pipeline network up and running again.