CyberCX report reveals cyber risks to Australian Charities sector
Melbourne, Australia – 5 December 2023
A new insights report from CyberCX has found that the cyber risk level for the charity sector is high, as charities grapple with limited funding and resources, rely on third-party IT providers, and hold sensitive data that could be attractive to cyber criminals.
CyberCX’s inaugural Australian Charities Cyber Intelligence Insights report outlines a series of simple, practical, and low-cost steps charities can take to immediately improve their cyber resilience in the face of growing threats from a range of actors, including cyber criminals and nation-states.
According to the Australian Charities and Not-for-profits Commission (ACNC), there are around 60,000 registered charities across Australia.
Launching the report, CyberCX CEO John Paitaridis said that Australia’s diverse charity sector faced a unique and particularly hazardous cyber threat landscape, with potentially devastating consequences when cyber risk is realised.
“Charities support some of the most vulnerable individuals and are an essential part of our community. Unfortunately, cyber threat actors have no moral compass and don’t respect charitable purposes.
“Cyber attacks against the charities sector can have consequential impacts for the financial wellbeing and reputation of affected charities. A cyber attack can also expose the very communities a charity serves to protect,” said Paitaridis.
The report determined that the potential impacts of cyber incidents to Australian charities include the personal harm to individuals when sensitive data is stolen and exposed, service delivery impacts from ransomware attacks, reputational damage among charity donors and other community members, and financial loss to both charities and their donors.
While determining that the risk to the sector is high, the report aims to provide charities of all sizes with a range of practical, low-cost measures that can help boost the cyber security posture of any charity and protect its staff, donors, and the wider community.
These steps include:
- Managing identity – creating a culture of strong and unique passwords, using password managers, and implementing multi-factor authentication (MFA) where available.
- Cyber hygiene – conducting data exposure assessments to determine if credentials have been stolen and published online, ensuring distributed denial of service (DDoS) protection is in place, and hosting your website on separate infrastructure to the rest of your operations.
- Personal information – understanding where and how an organisation stores its data by conducting personal information audits, and reviewing the security of any community login portals on your website.
- Community culture – educating volunteers, staff, and donors to update personal devices to the latest software, and raising awareness around not responding to suspicious emails, messages, or calls purporting to be from your charity.
“Charities tend to have less resources to spend on their IT systems and cyber security, as the community expects them to focus their resources on their charitable cause. The good news is there are everyday, simple steps that charities can take to boost their cyber resilience,” said Leah Pinto, Intelligence Engagement Lead at CyberCX Intelligence.
“Recent attacks in the charities sector have demonstrated the importance of minimising the data that you hold. Organisations of all sizes can undertake basic steps like de-identifying sensitive data to reduce their data footprint and risk, tagging and labelling data based on sensitivity and business needs, having a single and centralised view of data assets, and a regular cadence of identifying and removing redundant copies of sensitive data,” said Pinto.
CyberCX is the leading provider of end-to-end cyber security and cloud services. With a workforce of 1,300 cyber security professionals, CyberCX is a trusted partner to private and public sector organisations, helping customers confidently manage cyber risk, respond to incidents, and build resilience in an increasingly complex and challenging threat environment.