With increased digitalisation, (international) civil society organisations – (I)CSOs – have faced an increase in digital threats and cyberattacks carried out by malicious actors interested in financial gains and access to sensitive data or identifiable personal information. In recognition of this growing challenge, we are taking a closer look at cybersecurity in the civil society sector.
In partnership with the CyberPeace Institute, we have expanded the Solidarity Playbook – a collection of case studies and best practices – to feature four case studies on cybersecurity that share examples of how (I)CSOs have dealt with actual cyberattacks.
This case study collection aims to make the (I)CSOs’ experiences, strategies, and lessons learned available for other civil society actors who have faced or might face similar cyberattacks and challenges in the future. The cases provide first-hand accounts of how (I)CSOs responded to attacks and insights into how organisations can prevent and mitigate similar incidents. The case studies provide relevant information for anyone working at an (I)CSO, regardless of their department as cybersecurity needs to be a shared responsibility.
The collection of four case studies represents a snapshot of several cybersecurity incidents: a phishing attack that hijacked an organisation’s social media account; a spear phishing attack that targeted employees’ email accounts over six weeks; a brute-force attack that featured a high volume of attempted logins; and a ransomware attack in which attackers exploited a server vulnerability to hold an organisation’s data hostage.
The Union for International Cancer Control faced a social media phishing attack, which resulted in the hijacking of the World Cancer Day Instagram account. Although the team had received phishing emails in the past, the sophisticated nature of this attack made it difficult to recognise as a phishing attack.
Transparency International experienced a sustained and sophisticated phishing attack, which was detected through a sharp increase in failed attempts to log in to organisational email accounts. Over a six-week period, the IT team at the Secretariat responded to this persistent effort to breach the organisation’s systems.
The organisation working in the humanitarian sector was targeted by a brute-force attack through their webmail, followed by targeted phishing emails. With support from an external cybersecurity company and in cooperation with the organisation’s management and staff, the IT team managed to avert this intense attack.
The global non-profit organisation was attacked by a hacker group to extort a ransom. The team mobilised internal experts and additional help through the organisation’s cyber insurance provider to negotiate with the attackers, counter the threat, and restore the organisation’s data.