CISA recommends defensive measures for civil society organizations
CISA recommends cyber defence measures for civil society organizations with limited resources. The BSI also has something in its quiver.
A protected laptop.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
The US Cybersecurity Agency CISA has published a guide to help civil society organizations with limited resources defend themselves against cyber threats. Although the German Federal Office for Information Security does not have a summarized guide, it does have some useful tips to help small organizations and consumers alike.
A 19-page PDF guide was written by CISA and other international cyber security and law enforcement agencies. In it, the authors state that civil society organizations are at high risk of attacks by cyber criminals, but often have little capacity to defend themselves against them. To this end, they describe the current threat situation and explain mostly simple countermeasures.
Civil society institutions at high risk
"Civil society, made up of organizations and individuals, including non-profit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident and diaspora organizations and communities working to defend human rights and promote democracy, is considered a high-risk group," explains CISA. These organizations and their staff are often targeted by state-sponsored cyber gangs that seek to undermine democratic values and interests, the agency continues. It recommends that organizations implement the suggestions for protective measures.
In Germany, the threat situation is naturally very similar. However, as many of those affected may find the English-language instructions too cumbersome, we asked the BSI whether it has any similar instructions and tips that are easy for small organizations and individuals to implement.
Simple instructions from the BSI
In response, a BSI spokesperson explained that there is no specific publication for civil society organizations from the German IT security authority. However, the BSI does issue numerous publications that simplify the implementation of cybersecurity measures, he added. These are also available for smaller organizations and individuals.
Initial assistance is provided by the "easy introduction" to the basic elements of cyber security, especially for SMEs (small and medium-sized enterprises). In addition to the easy introduction, there is also a more extensive set of instructions on the BSI's SME website. The checklists, flyers and step-by-step instructions are also suitable for individuals and consumers. The Alliance for Cyber Security also provides PDF instructions for managing cyber risks and a toolkit for managing cyber risks. This enables smaller organizations in particular to ask themselves questions about their own cyber security, explains the BSI spokesperson. The cyber risk check also helps organizations to review their own IT security together with an IT service provider, for example.
It also works without the help of the authorities: c't naturally also offers the Security Compendium 2023. This can be used to secure devices and services in just a few minutes. A few simple steps are all it takes.
(dmk)