Cybersecurity Community: Fighting Back for Social Good

by Oseloka Obiora

The pollution hand and effective management with netzero symbols - renewable energy, reduced CO2 emissions, green production, and waste recycling in business, net zero carbon.

Cybersecurity brings indispensable benefits to any company. From protecting customer and employee data to preventing costly malicious attacks, cybersecurity tools and practices provide vital services in our increasingly digitized world.

But cybersecurity can be used to achieve greater and more wide-ranging goals than protecting an organization’s digital environment. In this blog, Oseloka Obiora, CTO at RiverSafe shares how the global cybersecurity community is fighting back against the rising tide of digital threats, and putting its skills and expertise to use for social, environmental, and geopolitical good.

“As more and more of our lives go online, the scope for cyber-attacks expands. Every single person on the planet is at risk, directly or indirectly, from cybercrime. A business having its data breached, or an individual falling victim to identity fraud, is bad enough—but the reality is that today potential repercussions of cyber-attacks extend far beyond fines and damaged reputations.

In its 2022 Global Risks Report, The World Economic Forum lists cybercrime as one of the biggest threats facing society in the next decade. The report cites our growing dependency on digital systems as intensifying the potential risk, alongside “lower barriers to entry for cyber threat actors, more aggressive attack methods, a dearth of cybersecurity professionals and patchwork governance mechanisms.”

“Attacks on large and strategic systems will carry cascading physical consequences across societies,” the report goes on, “while prevention will inevitably entail higher costs. Intangible risks—such as disinformation, fraud and lack of digital safety—will also impact public trust in digital systems.”

So how can we fight back? Here are just a few ways in which cybersecurity tools and processes are being employed to make our world a better place for all.

Crime prevention

Every day, people and businesses of all shapes and sizes are targeted by cybercriminals out to profit from the misery and misfortune of others. And it’s not only corporations that suffer when a data breach occurs. Customers, employees, partners and suppliers can all suffer as a result. People may have their identities or assets stolen, suffer lasting reputational damage that hobbles their business, or even lose their jobs.

According to Cybersecurity Ventures, global cybercrime costs are expected to grow by 15% per year, reaching $10.5 trillion USD annually by 2025. This colossal transfer of wealth massively outstrips the cost of damage caused by natural disasters every year.

There’s a psychological toll too. A study by Norton found that 65% of respondents who had experienced cybercrime reported feeling anxious or stressed as a result, while 37% reported feeling violated.

But advances in cybersecurity are helping individuals and organizations alike defend themselves against these attacks, and ensuring that people and their assets are protected.

Protecting good causes

Charities play a crucial role in society, providing vital services to those who may not otherwise have access to them. Charities support huge numbers of people across every community, saving lives and making a difference every day.

Unfortunately, charities are a prime target for cybercriminals. There are a number of reasons why many criminal organizations prey on charitable organizations. Firstly, as charities are reliant on public donations, their systems are almost guaranteed to hold financial information from donors, making this data easy pickings for hackers.

Secondly, many charities operate on a tight budget and may be reluctant to invest in cybersecurity. Lastly, charities are often supported by a high number of part-time or volunteer staff, making it more difficult to instill proper cybersecurity awareness across its entire workforce.

In 2021, the UK government’s Department for Digital, Culture, Media and Sport published its Cyber Security Breaches Survey, which found that more than a quarter of charities had experienced some kind of cyber breach in the last year.

The long-term impact of cyber-attacks on non-profits can be monumental, hampering not only their ability to deliver services, but also reducing trust in the organization, which can deter people from accessing services and lead to a loss of donations.

In January last year, for example, the International Committee of the Red Cross suffered a cyber-attack that compromised the sensitive data of more than 515,000 vulnerable persons. This encrypted data included information about those separated from their families due to conflict, migration and disaster, missing persons and their loved ones, and people in detention.

The ICRC’s anti-malware tools detected and blocked parts of the attack, but a missed patch allowed a number of malicious files to bypass its defenses. The installation of new endpoint detection and response (EDR) tools eventually detected the breach, and further cybersecurity enhancements were fast-tracked to protect ICRC’s systems from evolving threats.

But the cybersecurity industry is stepping up to protect charities and non-profit organizations, making sure they can keep doing great things.

Take Hackers for Change, for example, a volunteer group that offers free cybersecurity services to Canadian charities and non-profit organizations. Based in Toronto, Ontario, the group provides good causes with industry-quality cybersecurity services for free.

Non-profit digital rights group Electronic Frontier Foundation offers access to free security tools for nonprofits, helping to defend them against threats to privacy and security online.

Safeguarding public infrastructure

Every day, we put our trust in public infrastructure to deliver the services we need to live our lives. The continued operation of water, power and telecommunications systems, as well as transport infrastructure like roads and bridges, are all critical to our safety and wellbeing.

It’s the job of state and local governments and the private sector that supports them to secure access to and control of these crucial pieces of infrastructure—and yet often they don’t have the resources to adequately protect them. When this infrastructure is compromised, the effects can be devastating.

Recently, a study by Trend Micro Incorporated revealed that “89% of electricity, oil and gas, and manufacturing firms have experienced cyber-attacks impacting production and energy supply over the past 12 months.”

IBM’s annual Cost of a Data Breach Report found that reveals that ransomware and destructive attacks accounted for 28% of breaches within critical infrastructure organizations, “highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations”.

We’ve seen a growing number of these kinds of attacks in recent years. In 2021, South Africa’s ports were almost completely shut down following a four-day-long ransomware attack. Affected ports included Durban, the busiest shipping terminal in sub-Saharan Africa which handles 60% of South Africa’s container traffic.

One of the biggest cyber incidents to hit headlines lately was also the result of a ransomware attack. When the United States’ Colonial Pipeline was attacked in 2021, operations shut down for several days. The shutdown grounded flights, drove up petrol prices, and resulted in panic-buying at fuel pumps across the country. In the aftermath of the attack, the U.S. Government issued an executive order directing government agencies to take proactive steps to bolster cybersecurity.

More recently, satellite communications provider Viasat was struck, causing outages across Europe. Although the attack was intended to target the Ukrainian army, it also impacted internet services for tens of thousands across Europe and disconnected remote access to 5,800 wind turbines across Germany.

Cybersecurity is also playing a hugely important role in fighting climate change by protecting the advanced technology systems helping us be greener. This includes securing smart grid technology that uses real-time data and analytics to optimize the production and distribution of electricity, and ensuring accurate emissions data by preventing fraud in carbon offset markets.

Ensuring health and safety

An incredibly data-led industry, healthcare is particularly susceptible to data breaches. These breaches can have a significant impact on people’s health and wellbeing—and they’re not uncommon. A study by Black Book Market Research found that 96% of healthcare organizations had experienced at least one data breach in the past two years, with 71% of breaches resulting in the loss or theft of patient data.

The 2017 WannaCry ransomware attack spread across 150 countries and brought the UK’s National Health Service to a standstill, costing the NHS £92m in ransom money and lost services. Around 19,000 patient appointments were canceled, operations were delayed, ambulances were turned away, and patients were unable to get their prescriptions.

The incident served as a catalyst for urgent improvement to the NHS’ digital infrastructure, with the organization investing millions of pounds in security upgrades to increase resiliency against further attacks.

Cybersecurity is also helping vulnerable people in difficult situations stay safe, with nonprofits like the National Network to End Domestic Violence offering cybersecurity resources and training to help survivors protect their online identities.

Attacks that threaten our health and safety can take much more pointed and aggressive formats too.

In 2021, a hacker accessed the computer system at a water treatment plant in Florida, using remote-access software TeamViewer to take control of the device.

The intruder then attempted to poison the water supply by increasing the amount of caustic sodium hydroxide in the water to 100 times the normal levels. Also known as lye, sodium hydroxide poisoning can cause burns, vomiting, severe pain, and bleeding. The attack could have affected up to 15,000 people, had the issue not been rectified before the poisoned water reached the city’s population.

Tighter cybersecurity and implementation of best practices are key to avoiding this kind of unauthorized access in the future. For example, security professionals strongly advised segregating IT and OT networks for better security, in addition to limiting all connections from operational technology systems to the internet.

Supporting education and prosperity

Anyone working in cybersecurity will know that human behaviour is one of the most challenging factors to tackle when it comes to securing digital systems.

Education around cyber threats is vital to keep both individuals and organizations protected, but it can also have a hugely positive effect on inclusivity and social development.

If we are to continue using cybersecurity for good, we need more people to join the cause. There’s a big talent shortage in the cybersecurity space, but there are many organizations aiming to close this gap while also giving those typically underrepresented in tech the chance to seize opportunities in our growing industry. CyberQ Group, for example, partners with a skill-building program in the Philippines that works to champion the education and participation of women in cybersecurity.

Defending democracy

In the past decade, we’ve witnessed a spike in geopolitically motivated cyber-attacks designed to destabilize and discredit governments or interfere in democratic processes.

Malicious actions by nation-states have had a big impact on high-profile elections. In addition to well-documented meddling in the United States’ most recent presidential election, and in the UK’s Brexit referendum, countries in every corner of the world have been hit by bad actors.

In 2017, the campaign of French presidential candidate Emmanuel Macron was targeted by hackers that leaked confidential campaign emails and documents in an effort to damage Macron’s campaign. Later, in 2021, Myanmar’s military launched a coup and overthrew the democratically elected government, shutting down internet access and social media platforms aiming to silence dissent and prevent the spread of information.

Thankfully, there are ongoing efforts within the cybersecurity space to prevent political interference and safeguard democracy across the globe.

For instance, Microsoft offers a service known as AccountGuard to protect US political campaign organizations and others from spoofing, helping to limit the spread of disinformation. Similarly, Security Scorecard offers out its security rating platform to organizations dedicated to democracy and other noble causes, enabling them to assess and improve their cybersecurity posture.

And since 2014, Cloudflare has offered free protection against distributed denial-of-service (DDoS) attacks for at-risk public interest websites. Through Project Galileo, sites run by organizations that defend and promote human rights, civil society and democracy are eligible for free, robust security tools to prevent DDoS and other cyber-attacks.

Cyber-attacks do substantial, lasting harm to economies both global and local. They can derail democratic processes. And they can prevent vital services from being provided to those who need them. Clearly, cybercrime is a leading threat not only to fiscal success, but also to our ability to make the planet a safe, healthy, and fair place for everyone on it.

But together—through education, awareness, and continuous innovation—we can fight back against bad actors and secure our future.”

Find out more about how RiverSafe is supporting sustainable security transformation.

By Oseloka Obiora