Sector braces for cyber-attacks in year ahead

The nation’s top experts in tech say cybersecurity, hacking and privacy will need to be front of mind for organisations this year in the face of targeted attacks on the sector.

The warning follows a spate of incursions late last year including data security breaches at St Vincent's Health on December 19 and Surf Life Saving Victoria on November 28.

The sector was already on edge following a massive data breach by telemarketer Pareto Phone in which data from more than 70 Australia charities and 50,000 donors was dumped on the dark web.

The affected organisations were a who’s who of the sector, ranging from Amnesty International to the Wilderness Society to Médecins Sans Frontières (MSF) (Doctors without Borders).

MSF’s head of fundraising, Tom Duggan, said the impacts of the data breach would reverberate through 2024 and beyond.

“Charities and their supply chains are now on notice that they are just as much a target as their commercial colleagues,” said Mr Duggan.

“This will require ensuring they have properly invested in appropriate infrastructure and skills to keep their data and their donors’ data secure.”

While not cheap, doing the hard work to defend against cyber-attack was essential for retaining trust, reputation and long-term sustainability, he said.

“Sadly, it’s almost inevitable that there will be a major leak from the not-for-profit world, and when that happens it will be important to respond strongly and with a unified voice,” said Mr Duggan.

“Our sector, rightly or wrongly, has a strong reputation for good intentions but not a great one for cyber security skills. We must not sacrifice our trust for short-term savings.”

St Vincent’s Health was attacked, not one specific hospital.

The most recent study by Infoxchange, Australia’s leading authority on tech in the not-for-profit sector, revealed 12% of not-for-profits suffered a cyber security incident in the past year, suggesting tens of thousands of organisations were affected, and less than a quarter had introduced processes to manage risks.

Not-for-profits with an annual turnover of more than $3 million are required to report data breaches to the privacy watchdog, the Office of the Australian Information Commissioner (OAIC).

The Australian Charities and Not-for-profits Commission (ACNC) – the charities regulator – said that all not-for-profits and charities should take action to strengthen their defences.

Commissioner Sue Woodward said the issue should be high on agendas.

“I urge directors of all charities and not-for-profits, no matter how small, to make it a priority to strengthen their strategies and procedures to reduce potential harm from cyberattacks, such as data breaches.”

This is an extract from an upcoming not-for-profit trends special report to be published in the February edition of Community Directors Intelligence. The newsletter is free for ICDA members.

More information

Experts warn of fundraising pain
Report a technology wake-up call for the NFP sector
Charities in fear of cybercrime: reportMass charities data breach prompts warnings about outsourcing fundraising