Eclipse Authors: Pat Romanski, Elizabeth White, Liz McMillan, David H Deans, JP Morgenthal

Blog Feed Post

The Cyber Threat to Non-Governmental Organizations


Editor’s note: In this guest post Paul Goldernberg brings more focus to the cyber security concerns facing many Non-Governmental Organizations (NGOs). NGO’s are typically non-profit organizations that pursue social aims. With over 1.5 million NGOs in the US alone, they present a very large target space to cyber attackers -bg 

Over the past year, cyber threats have emerged as a primary concern, particularly with regard to homeland security. Governments, corporations, houses of worship, and non-profit organizations large and small have been the target of cyber-attacks aimed at defacing websites, disrupting networks, stealing information and damaging systems and infrastructure. In outgoing remarks Homeland Security Secretary Napolitano has a warning for her successor: A massive and “serious” cyber-attack on the U.S. homeland is coming, — the likes of which the nation has never seen.

In today’s world, most faith based and non for profit organizations maintain their most valuable assets in digital form. Houses of worship and NGO organizations have a critical role in social service delivery and emergency management response and as such have more sensitive information invested in their technology than ever before. Examples could include employees’, clergy, congregants, recipients of social services, personal data, home addresses, monetary transfers, donor information, private materials about a faith based organization’s plans, etc. The dangers of the situation are further augmented when one factors in today’s increased interconnectivity, reliance on digital networks and web-based technology, and the broadened use of smart phones. This massive dependence on technology provides a perfect platform for groups and individuals who seek to cause severe damage to an organization’s infrastructure and operations. What is more, an institution’s private information is threatened with every download, every click on an internet link, and every opened email.

Mal-intentioned individuals or groups no longer require physical access to a house of worship or NGO to cause its community members harm, or to gather information to plan future terror or criminal attacks. Rather, a criminal, a hacker or a terrorist-related group from the other side of the globe can, with equal impunity, breach a house of worship or NGO network and silently gather its most vital information. Most troubling is that a theft or probing of this nature can go undetected for years—if not indefinitely. Where information once filled floors of locked filing cabinets under the careful watch of staff and volunteers, hackers and computer criminals now have the capacity to make digital copies of the original that fit easily onto concealed portable hard drives.

Not one year ago, a server that hosts around 50 Jewish congregational websites was attacked by a politically motivated hacker group called the Moroccan Ghosts. The group plastered the targeted websites with their logo and an hour-long video denying the Holocaust. According to the cyber experts, this one event was only part of a larger trend of hackings targeting the websites of groups for political and or ideological justification. The incident provides just a small glimpse into the damage that can result from breaches to an institution’s cyber-security. Of highest concern is when personal information such as the home addresses, names, schools attended by the children of faith based leaders and staff, become open source posts on hate filled or extremist websites and blogs. Jane Holl Lute, former Deputy Secretary of Homeland Security and nationally-regarded cybersecurity expert, advises:

“In cybersecurity, we are now experiencing what one noted expert has termed “the fog of more.” A welter of advisories, technology, tools, and checklists is being offered up in the service of protecting our networks. But part of the reason more enterprises are not better postured on cybersecurity is because it is not always clear what should be done first, or as a matter of priority, among the various means and ways that are suggested.”

“Cyber threats to houses of worship, faith based and NGO organizations pose significant security risks to their operations and include everything from surveillance and intelligence collection on leaders and members to accessing systems that can disrupt operations or be exploited for conducting a physical attack. The security operation needs to include complete security planning and implementation to counter both physical and cyber threats…” says Robert Liscouski, CEO of Axio Global, LLC (a cyber-enterprise risk firm) and former Assistant Secretary of Infrastructure Protection, Department of Homeland Security.

In terms of cyber threats on individuals, the 2012 Norton Cybercrime Report revealed that 556 million individuals are victims of consumer cybercrime every year. That’s 18 victims per second. Two out of every three adults use a mobile device with internet access, and 31% of mobile users that year received a text message from an unknown source asking them to click on a link, dial an unknown number, or retrieve a suspicious “voicemail.”

Due to the evolving nature of the risk to faith based and NGO affiliated facilities, the answer to who is responsible for addressing cyber-security concerns is somewhat vague. An administrator’s or a director’s fiduciary duties without a doubt extend to the protection of significant digital assets. What, then, are a director’s or an administrator’s specific responsibilities when it comes to cyber security? Can an administration simply rely upon its IT department or person to address cyber-security needs, or do faith based and NGO leaders have an obligation to educate themselves on the nature of their respective agency’s cyber technology? Will cyber-security be a topic of discussion only after an organization experiences a major security breach?

Cyber-security has become the new homeland security of the decade. It is imperative that we apply the same level of awareness and action as we have to the physical security of our facilities to ensure our security against this ever-evolving threat. Last year, then Defense Secretary Leon Panetta issued a call to arms against cyber-attacks, warning that sophisticated attacks against the U.S. could be America’s next “cyber Pearl Harbor.”

The threat of cyber-attack is more real than ever. Like the years leading up to 9/11, the clarion call has been sounded, and warnings have been made. Are we listening?

Preventative strategies in preventing cyber-attacks can be found here

Mr. Goldenberg is the President and CEO of Cardinal Point Strategies and is a member of the United States Department of Homeland Security Advisory Council and serves as Vice Chair of the DHS Faith Based Advisory Security Council. He provides counsel to government, faith based and NGO organizations in cyber security policy and information sharing, as well as strategic counsel on global national security affairs to international NGO, private sector, and government agencies. He also serves as a Senior Security Advisor to the County Executives of America, Counter Terrorism Adviser to the American Hotel and Lodging Associations Educational Institute, and National Director of the Secure Community Network, the nation’s first full time faith based threat and information sharing center.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

IoT & Smart Cities Stories
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in development and launches of disruptive technologies to create new market opportunities as well as enhance enterprise product portfolios with emerging technologies. His most recent venture was Octoblu, a cross-protocol Internet of Things (IoT) mesh network platform, acquired by Citrix. Prior to co-founding Octoblu, Chris was founder of Nodester, an open-source Node.JS PaaS which was acquired by AppFog and ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...