'Data Breaches are a State of Mind' Blog by IS Know How


RNIB Hack - Hackers Have No Conscience and it's Time for the Third Sector to Act.


It came to light last week that the Royal National Institute for the Blind (RNIB) suffered an attack on its website, specifically its Online Store, which was breached on the 16th November, 2017. Up to 817 customers of the charity, which sells Assistive Products to persons who suffer Visual Impairment, could have been affected, with "Fifty-five customers have already reported experiencing fraudulent activity of 'ranging amounts.'"

According to reports in the Telegraph, "Police have launched an investigation after card payment details of customers of the Royal National Institute of Blind People (RNIB) were stolen by hackers in a cyber attack."

The charity was notified of the breach on the 24th November; however, it was three days before it was resolved. Whilst having no data breach in the first place is of course the holy grail, but inevitably unlikely, let's also bear in mind that IBM Security's '2017 Cost of Data Breach Study', independently conducted by Ponemon Institute LLC, states that: "organizations were able to reduce the days to identify the data breach from an average of approximately 201 in 2016 to 191 days and the average days to contain the data breach from 70 to 66 days."

The importance of how quickly a breach is detected, coupled with how quickly businesses of all types, including Third Sector organisations, are able to handle a data breach, is increasing with the General Data Protection Regulation (GDPR) being enforced from 25th May, 2018, under which you are required to be in a position to report a breach accurately within 72 hours.

Lord Foulkes of Cumnock, a member of the Select Committee on Charities, described the attack as "horrible" and "more shocking" than the recent hack on Uber, which affected millions of people. He called for new Europe-wide regulation to tackle the problem.

He said: "It's not the numbers that matter, it's the vulnerability of the people and people who are less able to protect themselves. It's a new low in this whole business."

Lord Foulkes of Cumnock

The RNIB has reported the breach to the police and the Information Commissioner's Office (ICO), but the identity of the hacker is not yet known. The charity has contacted the people who are thought to have been affected.

Sally Harvey, Chief Executive of RNIB, apologised for the "worry" the incident has caused and said:

"We take our responsibility for keeping our customers' details safe extremely seriously."

Sally Harvey, Chief Executive of RNIB

Original Source:

...

Blind people defrauded in hack on RNIB website 

Blind people have been defrauded by cyber criminals after the RNIB website was targeted by hackers, The Daily Telegraph can disclose.

IS Know How's Further Thoughts:

The exact nature of the attack, or the attack type used, has not been detailed, so we can't really comment on its specifics at this time.

However, what we can say, though it is of course incredibly difficult to say so frankly, to all Third Sector organisations is that, no matter what legal structure you have chosen or which income band you strive for year on year, Charities, Social Enterprises or Not-for-Profits need to 100% appreciate that "it is not a case of if you will experience a hack event on your organisation in some capacity and suffer a resulting data breach, but when!".

IS Know How is acutely aware, as we ONLY serve Third Sector organisations, that funding is often a consistent struggle and brings concerns about income generated. For those that are regulated by the Charity Commission, for example, the Commission advises that "Reserves - the funds a charity keeps in reserve - can strengthen a charity's resilience against, for example, drops in income or the demands of a new project."

Funds may well be tight, and you rightly have so much to carry out with your set budgets, but the simple fact of the matter, when all is said and done, is that, just as with various well-known everyday operational expenditures such as different insurances, telephony or broadband contracts, amongst other expense items, Data & Cyber Security is fast becoming a must; it cannot be seen anymore as a luxury. Can you begin to put this in place, possibly from your organisation's 'Reserves', for the first year? Then, for subsequent years, you have the opportunity to build such reputation mitigation requirements into future funding applications, or inventive financial structuring within your organisation moving forwards.

Therefore, your organisation and its management-level personnel, including the board of trustees and of course any IT team members, need to visualise the short, medium and long term benefits to your organisation of beginning today, or of furthering your Data & Cyber Security Mitigation if you are already implementing elements. On the other hand, rest assured that the picture is often a much bleaker one if you experience a data breach of any Personally Identifiable Information (PII), and especially if it contains 'Sensitive PII', just from subsequent 'Reputational Damage' alone.

What IS Know How tries to convey is, "How would you feel if your own data was breached in any way by one of your current domestic expenditure item providers?" The vast majority of humanity would feel hugely aggrieved, disgusted, emotional and concerned in the short, mid and long term, with no doubt many other effects for good measure. So, do ask yourself, "Should it be any different for your organisation's various stakeholders, including personnel, clients and suppliers?"

Of course it shouldn't. So, with this in mind, there is another, just as important, 'Resilience' that Third Sector organisations truly need to factor in on an increasing basis, to run in parallel to the above, which is 'Data & Cyber Security Resilience'.

'MITIGATION' DEFINITION: NOUN

1. THE ACTION OF REDUCING THE SEVERITY, SERIOUSNESS, OR PAINFULNESS OF SOMETHING.

IS Know How can provide your Charity, Social Enterprise or Not-for-Profit with several types of 'Proactive & Affordable Cyber Resilience Services', which are 'Fully Managed, So You Don't Have To' and can be deployed to cover Desktop & Server Endpoints and Email Mitigation, along with Website DDoS Mitigation; you can see those detailed below.

If there is anything else at all that you would like to enquire about, please Call Us on: 02921-679-021 during business hours, or alternatively open a New Support Ticket 24x7x365, and we will respond as promptly as possible.

We look forward to engaging with your Third Sector Organisation, where we combine the 'Complexity of Cyber Security, with the Simplicity of your organisation's risks being Managed For You'.

Merry Christmas & A Happy 'Increased Mitigation' New Year, from all at IS Know How.
