
Cyber Resilience for Financial Inclusion: What Nonprofits Need to Know

Inclusive digital financial services — such as mobile wallets, online banking, and microcredit — enable access to affordable, relevant, and appropriate financial products and services.

Organizations working on financial inclusion — including nonprofits whose core mission is to provide access to financial services for underserved populations — play a vital role in empowering communities.

In fact, the expansion of digital financial services has made technology a central enabler of impact. This increased capacity for impact, however, also presents a source of new vulnerabilities that nonprofits need to address to securely support their communities.

The CyberPeace Institute's Cyber Resilience for Financial Inclusion report focuses on the importance of cyber resilience for organizations working in the financial inclusion sector in the Asia Pacific (APAC) region, highlighting both vulnerabilities and solutions. The report leverages data from 95 organizations, many of which are civil society organizations and nonprofits.

Building Nonprofit Cyber Resilience

Below are some of the key findings from the CyberPeace Institute’s report, as well as practical recommendations for both organizations and policymakers to strengthen cybersecurity defenses and promote digital safety.

Security Vulnerabilities Are Widespread

The report found that many organizations had security gaps, and the resulting vulnerabilities can affect both organizations in the financial inclusion sector and the communities they serve. Some 67 percent of organizations had at least one vulnerability related to insecure configurations, which can increase the likelihood of a cyber incident. Other vulnerabilities involve Transport Layer Security (TLS) certificates, email security misconfigurations, and Domain Name System (DNS) misconfigurations.

These security gaps can result in cyber incidents such as malware infections or cyberattacks, which can affect the ability of these nonprofits to operate. This impact on business continuity can in turn have direct impacts on the populations they serve. The widespread nature of these threats reinforces the importance of identifying security gaps and prioritizing security hygiene.

Recommendations: Organizations should improve their security hygiene, which includes enhancing patch management, implementing email security standards, and closing unused ports. Organizations can combine cybersecurity awareness training, improved system configuration, multi-factor authentication (MFA), and regular security assessments to protect against technical security challenges and vulnerabilities.

Leaked Credentials and Malware Infections Are Prevalent Threats

The vast majority of organizations had their credentials exposed online. Leaked credentials mostly originated from malware and resulted in hundreds of thousands of leaked records. The implications of malware infections and leaked credentials include threat actors gaining access to organizations’ emails, platforms, and data. That in turn can result in ransomware attacks and phishing.

Recommendations: Organizations can build cyber resilience by enhancing their digital safety capacity through staff training. This includes awareness training on how to identify risks like phishing and malware. Organizations should also implement MFA, conduct regular password audits, create password policies, and encourage the use of password managers. In addition, organizations should avoid suspicious links and attachments, back up data regularly, and ensure that their backup strategies include storing offline, encrypted backups in addition to digital backups.

Cyber Incidents May Be Underreported

The report found that many cyber incidents are likely not reported, which means the scale of cyberthreats and their impacts may be underestimated. Some organizations may choose not to report incidents for fear of reputational damage, while others may have limited knowledge about how to report threats.

Recommendations: The report suggests that organizations implement cybersecurity awareness training to help nonprofit staff identify threats. This training could be extended to educating nonprofit staff about how and when to report cyber incidents.

Partnerships for Cyber Resilience and Financial Inclusion

Financial inclusion depends on secure digital infrastructure and cyber resilience, and cyber resilience requires a multilayered approach. As outlined above, the CyberPeace Institute report offers practical recommendations for both organizations and policymakers to strengthen cybersecurity defenses and promote digital safety. Implementation of these recommendations will help to ensure that financial inclusion is not undermined by cyberthreats.

Among these recommendations is the need to leverage partnerships to build stronger cyber defenses. Partnering with other nonprofits and software providers can help organizations to share best practices, threat awareness, and solutions. The CyberPeace Builders program is an example of an initiative designed to enhance cyber resilience among nonprofits.

Enhance Your Cyber Resilience

Start building your organization’s cyber resilience by accessing our Essential Security Resources for Nonprofits, which include links to various cybersecurity tools, educational information, and training courses for nonprofits. Empower your nonprofit team to proactively build cyber defenses by enrolling in our on-demand digital security courses.

Learn more about the CyberPeace Institute and how it provides cybersecurity assistance, resources, and advocacy for nonprofits.
