Over the last year @CLTCBerkeley has looked at the range of cyberattacks targeting civil society organizations and the existing ecosystem of support those orgs receive to counter these attacks. We’ve published our report today: cltc.berkeley.edu/defendingpvos/ /1
We focused our report on “politically vulnerable organizations” – in other words, orgs whose work makes them the focus of targeted cyberattacks as a means to achieve political ends (as opposed to criminal or mischief) /2
Previous research shows us that nonprofits in general suffer from poor cybersecurity posture. This is hardly a surprise – any type of IT investment is expensive, and only 1 in 11 IT professionals have any background in security. /3
As a result, resource-constrained civil society organizations are unlikely to have anyone on staff with the skills necessary to protect networks and endpoints, or to encourage staff adoption of better security practices. /4
While there have been recent high-profile examples of activists and journalists targeted with 0days, the vast majority of attacks faced by civil society start with simple phishing attacks. /5
Interviews with over 30 threat researchers, activists, and #cybersecurity professionals pointed to most attacks on civil society being of low technical sophistication, but using highly sophisticated social engineering tactics. /6
Other attacks were as you might expect, taking advantage of out-of-date software, unsecured websites and services, etc. /7
The theme remained the same: tech is expensive, and CSOs will focus on mission-driven priorities in tech infrastructure spending before security. Fortunately, there’s a growing ecosystem of organizations supporting civil society cybersecurity. /8
We looked at the work of over 100 nonprofits, companies, government agencies, and academic institutions to see what kind of help is available for orgs under attack. Here’s what we found (chart time!): /9
Most of the orgs helping defend civil society are NGOs themselves – and subject to many similar resource constraints as those they are defending. /10
The types of support provided are varied, and most orgs we reviewed provided more than one form of assistance. In general, the dominant methods were analysis and advocacy – direct technical assistance and publishing detailed data about attacks were rare. /11
The vast majority of the organizations providing cybersecurity support are in North America or Europe, and the majority of the organizations they support are in the developing world. In many ways, this space looks very much like other areas of international development. /12
A few important takeaways about the state of direct technical assistance in cybersecurity: there are some organizations doing great work (such as @accessnow, @FrontLineHRD, and @opentechfund), but as NGOs, their ability to address the broad scope of the problem is limited. /13
The focus of existing technical assistance is most often on emergency assistance and attack recovery. This is critical work, but there’s little in the way of capacity building. (teach an org to phish, etc.) /14
Providing good cybersecurity assistance to civil society is challenging. Good support is tailored to context in order to find security controls appropriate to threats. Nonprofits are rarely able to adopt a robust, layered approach to security. Harm reduction is the goal. /15
(@evacide has a lot to say about this)
This is time-consuming, and there are simply not enough people working in the space to address the problem at scale (if we assume the scale is “global civil society”). /16
We need new models to expand the existing community’s ability to share info, provide risk-informed security assistance, and to build the volume of professionals working to protect civil society. @CLTCberkeley has exciting news coming on this soon – so stay tuned. /end
