A new study conducted by the United Nations University Institute in Macau (UNU Macau) has found that local civil society organizations (CSOs) lack the resources, expertise, capability, and influence to effectively manage cybersecurity risks.
The study — co-authored by Christy Un, Mamello Thinyane and Debora Christine — revealed that, like other similar organizations worldwide, local CSOs regularly face various cybersecurity risks, including password mismanagement, hardware failure, phishing scams, and malware.
Despite increased cybersecurity awareness, the study found that the capability of these organizations to prepare for, defend against and recover from adverse cyber incidents is low. Few organizations were found to have relevant cybersecurity policies or procedures in place.
The study underscores that these organizations’ limited cybersecurity capabilities and vulnerable position within the local cybersecurity landscape could threaten their long-term operations.
Cybersecurity is a key concern as the reliance of these organizations on digital technologies is growing. Many are reliant on online tools for virtual meetings, data management, and the delivery of social care or support services, among other activities.
While digital transformation enables CSOs to become more resilient in times of crisis, it also creates increased cybersecurity risks.
Dr. Mamello Thinyane, Principal Research Fellow at UNU Macau said, “the lack of internal cybersecurity capacity and expertise in civil society organizations has led them [CSOs] to adopt ad-hoc and haphazard cybersecurity management practices.” He added, “We also observed significant gaps in the local cybersecurity landscape.”
Thinyane noted that these organizations occupy a precarious and vulnerable position which makes them more susceptible to risks from adverse cyber incidents.
The final report presents several recommendations to civil society organizations, as well as the government and communication and cybersecurity services providers, aiming to strengthen the cybersecurity support ecosystem for CSOs.
One of these recommendations urges the government to bolster existing cybersecurity response teams, develop cybersecurity solutions for CSOs, and provide them with capacity-building programs and cybersecurity-specific funding.
The report also recommends that the government actively engage CSOs in cybersecurity policymaking.
The UNU study is supported by the Macau Science and Technology Development Fund. Surveys and in-depth interviews with staff members of local social care and community-based organizations were employed in the study.
The report advises CSOs to undertake organization-wide cybersecurity capacity-building, adopt appropriate cyber-resilience management models and frameworks, and leverage partnerships and external support for cybersecurity.
It also recommends that communications and cybersecurity service providers define clear service level agreements for CSOs with commitments to specific cybersecurity targets.
No Comments