Trends and impacts

Cybersecurity incidents affecting humanitarian organizations

- DDoS attacks targeting NGO websites
- Email account compromise and identity theft
- Unauthorized access to sensitive databases
- Disclosure of personal information of beneficiaries and staff
- Humanitarian consequences of attacks on critical infrastructure
- Use of information as a weapon in conflict
- Risk of espionage and information manipulation by state actors
Types of common attacks (ransomware, phishing, etc.)

- Ransomware
- malicious software that encrypts an organization's data and demands payment for its release
- Phishing
- fraudulent emails impersonating legitimate organizations
- Brute force attacks
- access attempts by successive password attempts
- Malware
- malicious programs aimed at compromising computer systems
- Targeted attacks by state actors or state-sponsored groups
- Cyber-espionage and theft of sensitive information
- Sabotage and data destruction
Evolution of cyber threats over time

- Increased automation of attacks
- More sophisticated and organized cybercriminals
- Increased use of social networks to conduct disinformation campaigns
- Growth in attacks targeting mobile devices and the Internet of Things (IoT)
- Increasing involvement of state and non-state actors
- Cyber conflicts and the use of cyber warfare as an instrument of power
- Development of new tactics and techniques for cyberattacks
Financial and operational impact of cyberattacks

- Recovery and remediation costs after a successful attack
- Disruption of humanitarian services and operations
- Loss of donor and partner confidence
- Damaged reputation and potential legal consequences
- Indirect costs related to loss of trust of beneficiary populations
- Diversion of resources to deal with cyber attacks
- Security risks to employees and beneficiaries if sensitive information is disclosed