How targeted digital attacks put data at risk – and what funders, organisations and tech companies can do about it

/ November 17, 2014

Citizen Lab has just published a detailed study of how targeted digital threats affected 10 civil society organisations over a four-year period. The report contains a wealth of information that organisations could include in a threat model when planning a project (see p.35 of the RDF book Ways to Practise Responsible Data for more).

It also gives a set of practical recommendations:

For civil society organisations

  • Document precisely what happened, preserving attack vectors, malware, or compromised devices for analysis and digital forensics.
  • Collectively respond to attacks with other civil society organisations.
  • Involve funders in collective efforts, communicating with them regularly about security issues and incidents

For funders

  • Develop programs and funding lines to help grantees make measurable improvements in their organisational security.
  • Increase your knowledge of the scale of previous compromises within major funding organizations.
  • Consider your responsibilities to your grantees and partners concerning disclosure of breaches.

For technology companies

  • Understand how civil society organisations use your services by communicating with them (discreetly if necessary).
  • Provide free/reduced-cost software licences to civil society organisations.
  • Consult staff and management to ascertain interest in pro bono programs, and begin thinking through reputational risks and how they might be mitigated.

About the contributor

Tom started out writing and editing for newspapers, consultancies and think tanks on topics including politics and corruption in sub-Saharan Africa and Asia, then moved into designing and managing election-related projects in countries including Myanmar, Bangladesh, Rwanda and Bolivia. After getting interested in what data and technology could add in those areas and elsewhere, he made a beeline for The Engine Room. Tom is trying to read all of the Internet, but mostly spends his time picking out useful resources and trends for organisations using technology in their work.

See Tom's Articles

Leave a Reply

Related /

/ May 17, 2019

From Consensus, to Calls to Action: Insights and Challenges From #5daysofdata

/ May 17, 2018

Why accessibility matters for responsible data: resources & readings

/ January 24, 2018

RD 101: Responsible Data Principles