Senate to probe impact of ATO tax changes on NFPs
Posted on 19 Sep 2024
The not-for-profit and community sector has welcomed the decision to conduct a Senate inquiry into…
Posted on 30 Jul 2024
By Matthew Schulz, journalist, Institute of Community Directors Australia
Not-for-profits appear to have escaped the worst of the CrowdStrike IT meltdown earlier this month that caused a worldwide shutdown of Windows-based computers that used the software.
Early this week, CrowdStrike security software confirmed that 97% of Windows “sensors” were now back in action, but not before an estimated $1 billion loss by businesses in Australia.
Charities were less affected because, ironically, the cost of CrowdStrike is prohibitive for many in the sector, according to the Community Council for Australia (CCA), which believes the incident highlights the cyber threat for a sector struggling to raise enough funds to invest adequately in security, ‘system hygiene’, privacy and data management.
CCA chief executive David Crosbie told the Community Advocate that the federal Labor government had taken to the last election a promise to support the not-for-profit sector in bridging the technological divide, but that the sector was still waiting for that support.
“We are hearing that many charities face a doubling of IT costs as they try to manage security and data risks, let alone invest in growing their impact through digital transformation,” Mr Crosbie said.
“Governments in so many ways rely on our work – and say they support us – yet we see no investment in supporting this critical capacity for the sector. It’s time that changed.
“We are seeing the technology divide grow in both breadth and risk, with more and more cyber-criminals seeking a weakness they can exploit.”
Technology for social justice outfit Infoxchange agreed that the CrowdStrike incident highlighted the need for the federal government to provide more support to the sector.
Chief technology officer Alison Ramsay said “bad actors trying to capitalise on the chaos” continued to be a threat, after former Home Affairs Minister Clare O’Neil warned scammers had been swift to attempt to exploit the situation by offering fake updates and fixes.
“We're renewing our calls on the Federal Government to address the critical needs of the not-for-profit sector who have once again been left without the capacity to respond effectively to this incident,” Ms Ramsay said.
And while the latest incident was not a deliberate hack, Infoxchange’s most recent Digital Technology Report found the sector remained highly vulnerable to cyberattacks, with one in eight not-for-profits suffering a cybersecurity incident or breach in the past year, and with only a handful having plans, policies or training to avoid such attacks.
Ms Ramsay urged organisations to educate staff and volunteers about the need to avoid clicking on links in emails, text messages or messaging platforms in relation to the CrowdStrike outage.
“Always go to official sites, even if the link looks legitimate,” she said.
And even though the outage was caused by a failed software update, she said, “it is still critical to install security updates on devices”.
“If you disabled updates during this incident, it is important that these are re-enabled to keep devices secure and up-to-date,” she said.
“We're renewing our calls on the Federal Government to address the critical needs of the not-for-profit sector who have once again been left without the capacity to respond effectively to this incident.”
Nik Devidas, from the 4Walls cybersecurity service – which in conjunction with ICDA will be conducting cybersecurity governance training for NFP directors later in the year – suggested that CrowdStrike should have known about problems with the update, given that a Linux update in June caused a similar “blue screen of death” problem.
But he said the incident should prompt all not-for-profits to develop “robust, multi-layered security approaches and well-tested incident response strategies”.
He said organisations should ensure they have a strategy that includes a disaster recovery system, including regular backups stored in secure locations.
This could include avoiding a reliance on one IT vendor, which could create a “single point of failure”. It could even include developing a “pen and paper option in case your technology completely fails,” he said.
He said organisations should implement “a well-documented and tested incident response plan” and conduct drills to test those plans.
Mr Devidas said the global outage was unusual in that CrowdStrike’s high-level access to systems ironically triggered the shutdown of systems it was designed to protect.
He said no system was immune to failure, but organisations could mitigate risks by testing updates on a small scale before a wide rollout and maintaining good communication with software suppliers.
“The silver lining of this incident will be a heightened focus by vendors to thoroughly test before releasing updates,” he said.
Posted on 19 Sep 2024
The not-for-profit and community sector has welcomed the decision to conduct a Senate inquiry into…
Posted on 18 Sep 2024
The Australian Greens have written to the national charity regulator demanding it deregister the…
Posted on 18 Sep 2024
Opposition Charities spokesperson Dean Smith will today attempt to kickstart a Senate inquiry into…
Posted on 17 Sep 2024
Love him or loathe him, departing NDIS minister Bill Shorten has been a solid supporter of the…
Posted on 17 Sep 2024
Every Australian student deserves access to a quality education, no matter where they live or their…
Posted on 17 Sep 2024
The crowded fundraising landscape means organisations trying to raise money for a good cause must…
Posted on 17 Sep 2024
Funding for local not-for-profit (NFP) and community groups that support areas affected by drought…
Posted on 17 Sep 2024
Eduardo Maher has seen first-hand the negative effects climate change has wrought on his community…
Posted on 17 Sep 2024
Many older Australians from migrant backgrounds are severely disadvantaged when it comes to…
Posted on 17 Sep 2024
Improving the sometimes-fraught relationship between the not-for-profit (NFP) sector and government…
Posted on 16 Sep 2024
Philanthropists are increasingly shooting for the moon in their efforts to make a lasting impact.
Posted on 16 Sep 2024
September 18 is Childhood Dementia Day. With many Australians unaware that thousands of children…