Five types of cyber attack charities ought to know

Charities should brace themselves for a tsunami of cyber attacks in 2023, thanks to a “perfect storm” of tightened cyber security budgets and a huge influx of new hackers around the world.

 

At the root of the problem is a series of global events including Russia’s invasion of Ukraine, soaring energy prices, high inflation, and a cost-of-living crisis that shows no sign of abating.

 

The result is that an unprecedented number of people are turning to cyber crime as a means of earning a living or boosting income. “The downturn in the (global) economy…will almost certainly lead to an increase in individuals taking additional risks to commit fraud in 2023,” says Ernie Moran, general manager at financial protection service Brightwell.

 

At the same time, many charities are seeing their incomes fall as potential donors struggle to pay their bills. That means many will be tempted to make cuts to cyber security budgets. That could have catastrophic results, especially if charities are tempted to cut spending cyber security awareness and training programs.

 

That’s because human error is predicted to remain one of the key factors that make charities vulnerable to cyber attacks. In 2022, research by the World Economic Forum found that 95% of cyber security issues could be traced back to human error.

 

“When ensuring the safety and security of an organisations digital assets”, cyber security awareness training “is still the very best and most valuable return on investment,” said Texas-based cybersecurity and national security expert Charles Denyer.

 

Below we explore five of the top cyber security threats that you need to be aware of in 2023.

 

 

Ransomware

 

Ransomware is a type of malware that encrypts the victim’s data and demands a ransom payment in exchange for the decryption key. The recent ransomware attack on Royal Mail, which crippled its international postal services for about a month, underlines the fact that ransomware remains a huge cyber threat in 2023.

 

To protect against ransomware attacks, your charity should implement robust backup and disaster recovery plans. It should also invest in endpoint security solutions such as those offered by Avast and others that can detect and block ransomware attacks as well as other types of malware, and regularly update your software and systems.

 

 

Phishing attacks

 

Two years ago, cyber criminals took advantage of the pandemic to launch waves of phishing attacks using emails purporting to offer everything from financial support to medicines and vaccinations.

 

In 2023 there will likely be as many or even more phishing emails sent to charities and other organisations, but now the subjects are likely to range from financial support during the cost of living crisis and help with energy bills, to appeals for help connected to the war waged by Russia in Ukraine.

 

To protect against phishing attacks, your charity needs to ensure that staff awareness of phishing is high through regular awareness training. Endpoint security software may also filter emails to detect phishing attacks.

 

 

“Pig butchering” crypto attacks

 

These attacks get their name from the concept of fattening a pig before slaughtering it. In a pig butchering attack a cyber criminal makes contact with an individual by email, text, or WhatsApp on some pretext, and then slowly befriends them.

 

After a short period the cyber criminal suggests that the victim makes a small investment in crypto currencies, which appears to make a handsome profit. After persuading the victim to invest a more significant sum, the cyber criminal then disappears, taking all the money with them.

 

As well as resulting in significant financial losses to individual victims, there is also the possibility that small charities can be persuaded to “invest” some of their funds in these cyber scams. Once again, staff awareness training is the best way to protect your charity and its employees from pig butchering attacks.

 

 

AI-powered attacks

 

Artificial intelligence (AI) is opening up new avenues for cybercrime. It enables cyber criminals to take advantage of machine learning algorithms to evade detection and carry out highly targeted attacks. That means that in 2023, the frequency and effectiveness of AI-powered attacks is likely to explode.

 

To protect against AI-powered attacks, your charity should consider fighting fire with fire by investing in AI-powered security software that can detect and block malicious activity in real-time. Other security measures to consider include implementing two-factor authentication and encryption if this has not already been put in place.

 

 

Data poisoning attacks

 

An increasing number of organisations of all types, including charities, use data analytics to help them in many different fields including security, strategy, and purchasing decisions.

 

The important thing to remember is that data analytics is only as good as the data it uses. This provides cyber criminals with an opportunity: if they are able to access a charity’s databases and modify the data or inject false data – a process known as data poisoning – then they can influence the charity into making bad decisions.

 

For example, a data poisoning attack could help persuade a charity to enter into a contract with or make a purchase from the cyber criminals rather than a reputable organisation.

 

To protect against data poisoning attacks it is essential to ensure that your databases are protected securely. This could include encryption, access controls, two-factor authentication, and data segmentation.

 

This latter involves storing different types of data separately, allowing more stringent security measures to be applied to the most important data and making it harder for a cyber criminal to poison all your data.

 

It’s also important to have a robust backup system in place so that uncorrupted data can be recovered after a data poisoning attack has been discovered.