Cyber criminals see charities as easy targets

Cyber criminals aren't going to show any compassion when on the hunt to make money on the internet.

Non-profit organisations such as charities are an easier target for cyber criminals than commercial businesses, due to their lack of resources.

So claims Imperva's chief technology officer Amichai Shulman, who discussed the threat in an interview with IT PRO.

He said that non-profits often held sensitive information on donors such as credit card transactions, yet much of the time didn’t have the IT resources of commercial organisations, as they have less budget.

In addition, work done on non-profit applications was often done voluntarily, which meant that they were potentially not as robust.

“There is an assumption that it will be easier to penetrate their applications and networks,” Shulman said.

TechSoup Global, a San Francisco non-profit looking to help other charities with technology, found out a year ago that it was suffering application-level attacks on its website, which was connected to back office systems used for receiving donations.

“We had a little bit of a breach from a SQL injection attack, and it brought our systems down,” said TechSoup senior director Richard Collins. “It took about three days to get our systems back up and running.”

Collins said there was no question that criminals would see charities as “soft targets”, agreeing with Shulman that they traditionally had less money to spend on infrastructure and IT operations.

“The big banks and those companies have money to put into security, and over the last few years they have put in a lot of money and effort in protecting themselves,” Collins said.

“[Non-profits] haven’t been able to do that. It’s a resource issue. I don’t have anybody specific working on security,” he added.

He said non-profit organisations like TechSoup needed to take on board industry best practice, such as knowing what to do with data and how to handle it, and making sure everybody in its IT department was operating with security in mind.