With virtually every individual and organisation at risk of falling victim to cyber-attack, cybersecurity has become an integral part of protecting our lives and business processes. For non-profit organisations, specifically Australian Community Housing Providers, cybersecurity is more than just a technical investment.
It is a primary means of upholding their philanthropic vision in today’s digital society.
Community Housing Providers are faced with unique cybersecurity circumstances
Staying on top of cyber threats in today’s digital society is becoming an increasingly difficult feat across industries. For all Community Housing Providers (and other Not-for-profit organisations), this is a particularly challenging hurdle to overcome, as the industry is known to have low-maturity security controls. On top of this, security skills have long been hard to source and maintain. Even if these businesses have security teams, they are usually very small and constantly chasing threats – not staying ahead of them.
Cybercriminals see Community Housing as a lucrative sector
Malicious cybercriminals are after the vast amount of personal employee, donor and patron information that is held by Community Housing Providers and other Not-for-profits. Due to the industry’s reputation for lacking security measures, cybercriminals frequently attack these organisations in hopes of exfiltrating this data for other exploits and selling it on the dark web.
Keeping attacks at bay is near impossible without a suitable strategy in place
Implementing a proper cybersecurity strategy (particularly one founded on expert knowledge of industry-specific cyber-risk) is the first step to minimising the impact of a breach. Merely withstanding the debilitating effects of a breach and swiftly recovering operations is unfeasible for businesses without suitable controls in place. The cost of breaches and other security incidents is steadily rising – and the effects extend beyond financial repercussions.
Note: Data breaches are not only caused by external attack
Australia is in the top 3 countries with the highest percentage of breaches caused by malicious attack, with 57% caused by an external attacker and, notably, 22% of incidents caused by human error. It is important to note that many businesses don’t recognise that outsider attacks are not the only source of cyber-threat, and that major risk is caused by a lack of internal security awareness.
This is particularly concerning because this industry operates on federal and state government funding and each dollar of these valued resources must be justified. Not-for-profits – and Community Housing Providers more specifically – cannot risk their missions being halted and funding funnelled entirely towards reactive remediation.
According to IBM’s Cost of a Data Breach Report 2020, the average cost of a data breach in Australia is just under $3 million – a 9.8% increase from last year’s figures.
What are the true costs of not having a cybersecurity framework in place?
The true costs of a breach and other security incidents are steadily rising. Under the Notifiable Data Breach Scheme, all organisations covered by the Privacy Act 1988 must notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) of a breach. They can also face a further fine of $2.1 million if they do not comply with proper reporting criteria.
It is important to note that a breached organisation will face more than just lasting financial repercussions. Breaches can lead to compliance, reputational and operational losses that hinder functioning. For Community Housing Providers, this means the inability to provide for the community they seek to serve.
Top Threats to Community Housing Providers
The three most common ways for hackers to compromise an organisation’s network are as follows:
1. Email Scams or ‘Phishing’
Phishing is the top method by which credentials are compromised. The hacker will pose as a trustworthy entity or colleague and compose a seemingly legitimate email. The email may contain links to fraudulent sites or malware attachments, or encourage users to divulge credentials or make monetary transfers. These email scams are so popular because they are so easy and cheap to deploy. They are also highly effective because they hinge on manipulating people – who are notoriously known as the weakest security link.
2. Malware – Ransomware
The term ‘malware’ refers to malicious software – such as ransomware, viruses and spyware – used by cybercriminals to damage their target’s network and disrupt operations. Ransomware encrypts files, which are then used to extort money, and spyware is deployed for espionage and data theft purposes.
3. Exposed Systems
While hackers have taken a new focus on compromising human defences, this does not mean they neglect targeting your technological security perimeters. New system vulnerabilities are found daily, and security gaps in unprotected and outdated systems allow cybercriminals a backdoor into your network and applications.
Proactive cybersecurity is key to minimising risk
It is essential to audit your people, processes, policies and technologies to keep your organisation and the people you support safe. Proactive cybersecurity efforts can help you avoid extensive repairs and huge losses. Implementing the proper protection and mitigation framework will fortify your systems and be more cost-effective in the long term. Effective cybersecurity will make it more difficult for adversaries to breach your information, reduce response time in the event of a security incident and optimise your reparation efforts.