Posted on 30 Jul 2024
By Matthew Schulz, journalist, Institute of Community Directors Australia
Not-for-profits appear to have escaped the worst of the CrowdStrike IT meltdown earlier this month that caused a worldwide shutdown of Windows-based computers that used the software.
Early this week, security software company CrowdStrike confirmed that 97% of Windows “sensors” were back in action, but not before businesses in Australia lost an estimated $1 billion.
Charities were less affected because, ironically, the cost of CrowdStrike is prohibitive for many in the sector, according to the Community Council for Australia (CCA), which believes the incident highlights the cyber threat for a sector struggling to raise enough funds to invest adequately in security, ‘system hygiene’, privacy and data management.
CCA chief executive David Crosbie told the Community Advocate that the federal Labor government had taken to the last election a promise to support the not-for-profit sector in bridging the technological divide, but that the sector was still waiting for that support.
“We are hearing that many charities face a doubling of IT costs as they try to manage security and data risks, let alone invest in growing their impact through digital transformation,” Mr Crosbie said.
“Governments in so many ways rely on our work – and say they support us – yet we see no investment in supporting this critical capacity for the sector. It’s time that changed.
“We are seeing the technology divide grow in both breadth and risk, with more and more cyber-criminals seeking a weakness they can exploit.”
Technology for social justice outfit Infoxchange agreed that the CrowdStrike incident highlighted the need for the federal government to provide more support to the sector.
Chief technology officer Alison Ramsay said “bad actors trying to capitalise on the chaos” continued to be a threat, after former Home Affairs Minister Clare O’Neil warned scammers had been swift to attempt to exploit the situation by offering fake updates and fixes.
“We're renewing our calls on the Federal Government to address the critical needs of the not-for-profit sector who have once again been left without the capacity to respond effectively to this incident,” Ms Ramsay said.
And while the latest incident was not a deliberate hack, Infoxchange’s most recent Digital Technology Report found the sector remained highly vulnerable to cyberattacks, with one in eight not-for-profits suffering a cybersecurity incident or breach in the past year, and with only a handful having plans, policies or training to avoid such attacks.
Ms Ramsay urged organisations to educate staff and volunteers about the need to avoid clicking on links in emails, text messages or messaging platforms in relation to the CrowdStrike outage.
“Always go to official sites, even if the link looks legitimate,” she said.
And even though the outage was caused by a failed software update, she said, “it is still critical to install security updates on devices”.
“If you disabled updates during this incident, it is important that these are re-enabled to keep devices secure and up-to-date,” she said.
Nik Devidas, from the 4Walls cybersecurity service – which in conjunction with ICDA will be conducting cybersecurity governance training for NFP directors later in the year – suggested that CrowdStrike should have known about problems with the update, given that a Linux update in June caused a similar “blue screen of death” problem.
But he said the incident should prompt all not-for-profits to develop “robust, multi-layered security approaches and well-tested incident response strategies”.
He said organisations should ensure they have a strategy that includes a disaster recovery system, including regular backups stored in secure locations.
This could include avoiding a reliance on one IT vendor, which could create a “single point of failure”. It could even include developing a “pen and paper option in case your technology completely fails,” he said.
He said organisations should implement “a well-documented and tested incident response plan” and conduct drills to test those plans.
Mr Devidas said the global outage was unusual in that CrowdStrike’s high-level access to systems ironically triggered the shutdown of systems it was designed to protect.
He said no system was immune to failure, but organisations could mitigate risks by testing updates on a small scale before a wide rollout and maintaining good communication with software suppliers.
“The silver lining of this incident will be a heightened focus by vendors to thoroughly test before releasing updates,” he said.