icon-download-alt
Go to the homepage of Stories of Purpose
How to prevent 200+ NGOs in The Hague from shutting down after a cyberattack

Behind the story Security

How to prevent 200+ NGOs in The Hague from shutting down after a cyberattack

Imagine the Red Cross or another NGO, having received millions of aid donations after an earthquake, hurricane or other disaster, being attacked by cyber criminals. All computers down. No aid possible until the ransom is paid. Disastrous. The CyberPeace Institute helps NGOs all over the world fend off cyberattacks and build their cyber resilience. From now on, all 200+ humanitarian NGOs in The Hague can join its programme for free.

3 min read 4 Oct Download text

More than 1 billion people across the world receive vital support and services from non- governmental organizations (NGOs). These organizations are enormously vulnerable for cyberattacks because of their core focus to help. Only 1 in 10 NGOs are training their staff in cybersecurity. That makes most of them easy targets. All over the world hundreds of cyber attacks have been reported on all kinds of aid, humanitarian and health care organizations.

background

No ethics among cybercriminals

Why? They have sensitive data on vulnerable people and often a low level of cyber security. “They are being attacked from all directions, becoming targets of both criminals and state actors”, says Stéphane Duguin, CEO of the CyberPeace Institute. “If you are a criminal, you do this for the money. As soon as there is a crisis or a disaster, NGOs suddenly are very rich, because of all the donations. That’s when cybercriminals prevent them from working by launching a ransomware attack. They don’t care who they attack and sometimes they don’t even have a clue who they attack. There is no ethics among cybercriminals.”

highlights

Disastrous consequences

NGOs are amongst the most targeted. “Why? Because they are holding very sensitive data, for instance about refugees in Ukraine or food security in Afghanistan. Those data can be very valuable”, Duguin explains. Such cyber attacks have disastrous consequences. For example, in case of a ransomware attack, an entire computer network can be shut down until the ransom money has been paid. Most NGOs are afraid the public will stop donating if such an attack becomes public and it gets known that aid donations are funding criminals.

Attacks in the news

Some cyber attacks, however, do make the news. For instance the cyber attack that hit the International Red Cross (ICRC) in January 2022. Hackers managed to steal the personal data and confidential information of 515.000 vulnerable people. In 2020, NGO Roots of Peace, transforming mines to vines with local people in Afghanistan, was tricked into wiring 1.34 million US Dollars to a Chinese bank account. The cybercriminals impersonated the CEO, leaving the NGO ashamed and devastated. 

“Since then, they have been struggling to keep operations up”

Duguin says.
background

NGO supporting NGOs

For two decades Duguin has fought cybercrime at Europol in The Hague. He led the creation of the European Cybercrime Centre and the major international counter cybercrime, terrorism and hybrid threats operations, investigating threat actors deploying cyberattacks, illegal content and disinformation techniques. He was recruited in 2019 by the CyberPeace Institute, which provides free cybersecurity assistance for the most vulnerable organizations. Like an NGO supporting NGOs.

The institute brings together partners, experts and volunteers to help humanitarian and development NGOs prepare for, defend against and recover from cyberattacks. It collaborates with cybersecurity and technology partners to develop an understanding of the cybersecurity threat landscape of vulnerable communities. It provides advanced warning of threats to reduce their impact and harm, and informs policymakers and authorities, urging them to regulate cyber security and hold criminals accountable.

High risk of losing lives

The CyberPeace Institute was founded in 2019 by both philanthropic and corporate organizations: the William & Flora Hewlett Foundation, Mastercard, Microsoft and the Ford Foundation. It is based in Geneva, and has people stationed in its office in The Hague. It started with helping the healthcare sector.

“During Covid-time there was a huge increase of cyber attacks against health care. That’s why this was the first community we decided to help”

says Duguin.

Since June 2020 the institute recorded over 500 incidents in healthcare, mostly disruptive cyberattacks and ransomware, with potentially devastating consequences to the people being treated. In lots of countries healthcare is delivered by NGOs. That’s why the institute started looking at the vulnerability of NGOs. “Our core focus now is on humanitarian organizations, because if they are under attack, the risk of losing lives is very high. At the same time they have a very low level of cybersecurity”, Duguin states. Today, the CyberPeace Institute is helping almost 200 NGOs build their cyber resilience and fend off cyberattacks.

Corporate volunteers helping NGOs

To do this, the institute created the CyberPeace Builders. This programme gathers cybersecurity experts from the private sector, to offer their skills and to work as volunteers with NGOs around the world. So far 656 volunteers from 44 companies have put in 1.126 hours to help 167 NGOs.

Duguin: “At the CyberPeace Institute there are only 30 of us and we want to help NGO’s by the thousands. NGOs can access all kinds of tools for cybersecurity, but they are missing the workforce to do so. On the other hand a lot of private sector companies hire cybersecurity experts who are more than happy to do more. We created a programme that mixes both. We sign contracts with their companies for a couple of volunteering hours, which we can allocate directly tot NGOs. Our objective is to help 1000 NGOs by the end of 2025.”

LAUNCH

ONE Conference: Europe’s prime cybersecurity event

To expand the programme, the CyberPeace Institute is looking at The Hague. As the ‘International City of Peace and Justice’, The Hague has a long-standing tradition of protecting the rule of law. That’s why The Hague is hosting and organizing the annual Cybersecurity Week with ONE Conference as Europe’s prime cybersecurity event. This year’s Cybersecurity week was from 2 till 5 October. This week many activities will take place and the event attracts cybersecurity professionals from all over the world. The municipality helps local organizations with their cybersecurity on a very hands-on an effective level at the municipality of The Hague itself.

Official launch of Cyber Secure The Hague: NGO Support Program at ONE Conference at October 4 2023 WorldForum
background

Cyber Secure The Hague: Cybersecurity for NGOs

To help more NGOs become cybersecure, the CyberPeace Institute has been working with The Hague Humanity Hub, the Dutch Institute for Vulnerability Disclosure (DIVD) and the global Computer Security Incident Response Team (CSIRT.global) in a cybersecurity project for NGOs, co-funded by the City of The Hague: Cyber Secure The Hague: Cybersecurity for NGOs. The programme started with giving free training, tools and advice to 10 NGOs, to help them become more cyber resilient. Today at the ONE conference, it was announced that the programme will be open to over 200 humanitarian NGOs in The Hague and its wider region. They can all join the CyberPeace Builders programme for free.

highlights

Why The Hague?

“We want to help NGOs in The Hague and we want to attract the interest of Dutch companies. That’s why we decided to start our first CyberPeace Builders chapter outside of Geneva here in The Hague”, Duguin says.

Mr. Jan van Zanen, Mayor of The Hague
“For more than a century now, we have been the city of peace and justice. The home of international institutions surrounded by an extensive network of businesses and organizations. This unique collection of organizations and institutions raises security issues. The urgency of this issue is something I experience daily. Non-governmental organizations, businesses and people must learn to deal with the opportunities and threats brought by digitalization. As a city, we are therefore launching a cybersecurity program for NGOs.”

Cyber Secure The Hague: NGO Support Program

For more information about the Cyber Secure The Hague: NGO Support Program

About the CyberPeace Institute

The CyberPeace Institute is a Geneva based organization protecting the most vulnerable in cyberspace. Independent and neutral, the Institute investigates and analyzes the human impact of systemic cyber threats, delivers free cybersecurity assistance, tracks the enforcement of international laws and norms and forecasts threats to Cyberpeace. Since October 2023 they are based in The Hague as well to support over 200 NGOs in The Hague directly.

About The Hague's Humanity Hub

The Hague Humanity Hub supports and strengthens the ecosystem for a more peaceful and just world. They facilitate connections and innovation by offering the necessary ingredients for chance encounters, new alliances, inspirational collaborations, and the exchange of knowledge. They strive to enable effective action through community, programmes, and The Hague Humanity Hub campus.

Press Release

Please Read the official announcement about the ‘Cyber Secure The Hague: NGO Support Program’ at #ONE2023 and the background of this non-profit consortium

Download the article

You can easily download the text of this article as a Word file to use freely for your own article or story. The images can be downloaded separately from the article.

Go to top