Cyber criminals see charities as easy targets

Cyber criminals aren't going to show any compassion when on the hunt to make money on the internet.

credit card lock

Non-profit organisations such as charities are an easier target for cyber criminals than commercial businesses, due to their lack of resources.

So claims Imperva's chief technology officer Amichai Shulman, who discussed the threat in an interview with IT PRO.

He said that non-profits often held sensitive information on donors such as credit card transactions, yet much of the time didn't have the IT resources of commercial organisations, as they have less budget.

In addition, work done on non-profit applications was often done voluntarily, which meant that they were potentially not as robust.

"There is an assumption that it will be easier to penetrate their applications and networks," Shulman said.

TechSoup Global, a San Francisco non-profit looking to help other charities with technology, found out a year ago that it was suffering application-level attacks on its website, which was connected to back office systems used for receiving donations.

"We had a little bit of a breach from a SQL injection attack, and it brought our systems down," said TechSoup senior director Richard Collins. "It took about three days to get our systems back up and running."

Collins said there was no question that criminals would see charities as "soft targets", agreeing with Shulman that they traditionally had less money to spend on infrastructure and IT operations.

"The big banks and those companies have money to put into security, and over the last few years they have put in a lot of money and effort in protecting themselves," Collins said.

"[Non-profits] haven't been able to do that. It's a resource issue. I don't have anybody specific working on security," he added.

He said non-profit organisations like TechSoup needed to take on board industry best practice, such as knowing what to do with data and how to handle it, and making sure everybody in its IT department was operating with security in mind.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19
Security

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19

24 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
WAPDropper malware hooks you up to premium telecoms services
Security

WAPDropper malware hooks you up to premium telecoms services

24 Nov 2020
VMware sounds alarm over zero-day flaws in multiple products
Security

VMware sounds alarm over zero-day flaws in multiple products

24 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020