Why the humanitarian sector needs to make cybersecurity a priority

“In the not-too-distant past, international organizations (IOs) and non-governmental organizations (NGOs) working on humanitarian initiatives largely depended on landlines and fax machines to communicate and convey data back to their regional hubs or headquarters.

Now, like most businesses, NGOs and IOs have invested significant funds in information and communication technologies to enhance their crisis management capabilities. For example, better and faster decision-making is achieved through capturing and analysing demographic data to identify vulnerable groups, online surveys have proven critical for water, sanitation, and hygiene teams in the delivery of population health services, and biometric-enabled digital vouchers have been instrumental in reducing errors and fraud in the payment of traders.

These changes make humanitarian aid faster and more efficient. Picking up these digital tools helps save lives. However, digital transformation has also made IOs and NGOs enticing targets for cyber attacks by criminals, terrorists, and authoritarian regimes. The reasons for this range from the purely financial – people in crisis make easy targets for scams and theft – to the political – digital is becoming another avenue to attack a regime’s perceived enemies.”

I recently joined with the World Economic Forum’s Centre for Cybersecurity to author this piece for the Davos Agenda.

This article examines the cybersecurity threats being faced by international organizations (IOs) and non-governmental organizations (NGOs), outlines some key steps they should take to counteract these threats, and touches on what the private sector can do to support IOs and NGOs in responding to these risks & challenges.

You can read the full article on the World Economic Forum website.

8 Pitfalls That Undermine Security Program Success

“Some of the biggest breaches have come down to small mistakes.

Hackers used a compromised password to access the company network via a virtual private network in the May 2021 Colonial Pipeline attack. A widely known vulnerability that hadn’t yet been patched was the entry point for the 2017 Equifax attack. And a bitcoin scam on Twitter started with spear phishing attacks on Twitter employees.

Of course, there’s no such thing as a perfect security program, but such events show that cybersecurity teams can’t afford to overlook anything.”

In this CSO Online article, I joined a number of security leaders to discuss eight easy-to-overlook pitfalls that can undermine an otherwise successful security strategy.

You can access the full article here!

Incoming ISACA Board Features Experienced Leaders, Diverse Backgrounds

Deeply humbled to have been elected to the incoming Board of Directors for the Information Systems Audit and Control Association (ISACA).

The organisation has been instrumental in my career development and success, and I am looking forward to collaborating with this brilliant group of professionals and serving the dynamic and diverse ISACA community.

You can view the official announcement here: https://bit.ly/2QkW5S6