How targeted digital attacks put data at risk – and what funders, organisations and tech companies can do about it

TargetedThreats

Citizen Lab has just published a detailed study of how targeted digital threats affected 10 civil society organisations over a four-year period. The report contains a wealth of information that organisations could include in a threat model when planning a project (see p.35 of the RDF book Ways to Practise Responsible Data for more).

It also gives a set of practical recommendations:

For civil society organisations

  • Document precisely what happened, preserving attack vectors, malware, or compromised devices for analysis and digital forensics.
  • Collectively respond to attacks with other civil society organisations.
  • Involve funders in collective efforts, communicating with them regularly about security issues and incidents

For funders

  • Develop programs and funding lines to help grantees make measurable improvements in their organisational security.
  • Increase your knowledge of the scale of previous compromises within major funding organizations.
  • Consider your responsibilities to your grantees and partners concerning disclosure of breaches.

For technology companies

  • Understand how civil society organisations use your services by communicating with them (discreetly if necessary).
  • Provide free/reduced-cost software licences to civil society organisations.
  • Consult staff and management to ascertain interest in pro bono programs, and begin thinking through reputational risks and how they might be mitigated.
This can help you with: Responding to crisis
Issue areas: No categories

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.

Published on: 17 Nov 2014
Discussion: Leave a comment