Artificial intelligence not always so clever
Posted on 06 May 2024
The academic world is embracing the power of AI, but once-trusted sources of information and public…
Posted on 20 Sep 2023
By David Crosbie
The federal government appears to be taking the risk of cyber-crime seriously – just not when it comes to the concerns or vulnerability of the charities and not-for-profit sector, writes Community Council for Australia CEO David Crosbie.
“The Australian Cyber Security Centre (ACSC), which monitors and provides advice on cyber threats, received more than 76,000 reports during the 2021–22 financial year. On average, this equates to a cyberattack every seven minutes. Self-reported losses for one year totalled in excess of $35 billion.” (ACSC Annual Cyber Threat Report, July 2021 to June 2022)
The Australian government is finalising a new cyber security strategy.
The Minister for Home Affairs, Clare O’Neil, outlined the government's intention in a speech to the Australian Financial Review Cyber Summit this week.
Leading into her description of the new cyber security policy, Minister O’Neil said, “Cyber security is the fastest changing national security threat that our country faces... we have an urgent economic and security imperative to make a step change as a country for how we deal with cyber issues.”
The new Cyber Security Strategy will include six "shields" across the following areas:
Cyber security is now a priority concern for governments and business.
Unfortunately, the same cannot be said for all charities, even though the potential for damaging cyber security hacks in this sector is just as real and pressing.
In a joint Community Council for Australia (CCA) and Australian Council for International Development (ACFID) webinar this week, Lyn Morgain from Oxfam and Doug Taylor from the Smith Family outlined their experiences as CEOs of organisations that had experienced a cyber attack.
Their presentations were made more poignant by the fact that both these charities had invested considerable time and energy ensuring they had good cyber security and systems protections in place before they were attacked.
Between them Oxfam and the Smith Family had to spend hundreds of thousands of dollars addressing the hacks, and both also had to deal with the reputational risk as they made full public disclosures.
The lesson we all learnt listening to Lyn and Doug describe their experiences was that no matter how well prepared you think you are, an attack is a case of when, not if.
Even a small hack could have devastating consequences for an organisation. In some cases, the data held within charities and NFPs is much more sensitive than in many businesses.
David Spriggs, the CEO of Infoxchange, pointed out that according to his organisation's surveys of the sector, Oxfam and the Smith Family were in the top 20% of well-prepared charities and NFPs when it comes to cyber security.
Almost 50% of charities and NFPs do not have multi-factor authentication as standard in protecting access to their systems and devices. The same number do not train their staff in cyber security awareness.
Many charities and NFPs suggest cost is the issue preventing them from putting in place cyber security protection, while others indicate it is simply not their highest priority.
Either way, it seems the sector is a sitting duck for bad actors seeking to disrupt and capitalise on weak cyber security.
"Charities and NFPs need to do a lot more to address the threat posed by cyber security, especially given that we are clearly not a priority for government."
At CCA we wrote to the Prime Minister, the Minister for Home Affairs, and the National Cyber Security Co-ordinator a month ago. Copies of the letter were provided to the Assistant Minister for Charities, Dr Andrew Leigh.
Our letter argued in part:
“Charities hold extensive personal and financial information from millions of Australians.
“Despite having a massive footprint in our economy and in our lives, charities and not-for-profits have not been provided with the support they need to deal with an increasingly sophisticated level of cyber-attacks.
“Unlike business, charities spend every spare dollar they can find on serving their communities. Allocating more resources to strengthen cyber security would mean reducing the level of services available in our communities.
“Many charities and NFPs struggle to withdraw services, even though cyber security is clearly an important priority.
“There will be cyber-attacks on charities and there is real potential for certain kinds of attacks to significantly damage confidence and trust in our sector. Cyber-attacks in our sector could also have devastating impacts on individuals and communities.
“We ask that you consider providing increased support for charities across Australia to be able to review their current cyber security preparedness and to invest in better data security and protection.
“This is no more than what your government is already providing to business.
"Leaving charities to fend for themselves in dealing with the threat posed by global cyber security attacks is not an acceptable policy approach.”
Not once did the Minister for Home Affairs mention charities or not-for profits in her speech to the Cyber Summit, nor in the subsequent media coverage and discussion of cyber threats that I managed to follow.
No one has responded to our letters.
It’s as though cyber security is only an issue for business or government. Or that charities and NFPs are seen as a subset of small business – even though none of the extensive small business cybersecurity concessions and grants are available to our sector.
Charities and NFPs need to do a lot more to address the threat posed by cybersecurity, especially given that we are clearly not a priority for government.
It will be the communities we serve who will ultimately pay the price if we fail to support the cyber security capacity of charities and NFPs in Australia.
David Crosbie has been CEO of the Community Council for Australia for the past decade and has spent more than a quarter of a century leading significant not-for-profit organisations, including the Mental Health Council of Australia, the Alcohol and other Drugs Council of Australia, and Odyssey House Victoria.
Posted on 06 May 2024
The academic world is embracing the power of AI, but once-trusted sources of information and public…
Posted on 30 Apr 2024
The epidemic of violence against women will not end unless we all recognise that it is us, not…
Posted on 16 Apr 2024
Faced with inaction from government, some pokies venues are taking matters into their own hands to…
Posted on 09 Apr 2024
It’s time for the charity sector to raise its collective voice and advocate for action on climate…
Posted on 02 Apr 2024
It may be time to question the balance between ASIO's skilled supervision of the nation's security…
Posted on 25 Mar 2024
Proud Australian Denis Moriarty said it's time our politicians stopped claiming we are the best…
Posted on 19 Mar 2024
Indigenous Australian playwright, author and musician Richard Frankland has devoted his life to…
Posted on 12 Mar 2024
Consultation is meaningless if governments don’t take the views of not-for-profits, charities and…
Posted on 05 Mar 2024
Tampering with the rights of free association just so a government can look tough on bikie gangs is…
Posted on 27 Feb 2024
It’s time for state and territory jurisdictions to get out of the way and get serious about a…
Posted on 13 Feb 2024
The National Strategy for Volunteering has achieved a lot in its first year, but there is still…
Posted on 07 Feb 2024
From helping alleviate the fallout from the cost-of-living crisis to defending donor details from…