INSSA Insights

NGO Cybersecurity and Humanitarian Aid Security with Jack McKenna


Listen Later

In conflict zones, a single name in a breached database can be enough for a hostile government to identify and target a local partner. Jack McKenna has seen it happen. This is not a hypothetical. It is the threat landscape NGOs are operating in right now, and most have no idea how exposed they really are.

NGO security management and humanitarian aid security have never been more urgent. The organizations doing the most critical work in the world are also the most targeted and the least resourced when it comes to cybersecurity. Understanding where those threats live and what any organization can do about them is no longer optional.

Jack McKenna is President and CEO of Prescient, a tech enabled digital intelligence, investigation, and risk advisory firm at the intersection of cybersecurity, corporate security, and intelligence. He also serves on the board of District 4 Labs, a Prescient spinoff building OSINT data products. Amaury Cooper, a former Prescient client himself, sat down with Jack to break down the real threat landscape facing NGOs and international development organizations.

Key Takeaways

In hostile environments, assume your location and communications are visible and work your security posture backward from that assumption.

NGOs are among the most targeted organizations in the world and operate with a fraction of the security resources available to corporations.

Threat actors have moved off mainstream platforms and into closed Telegram forums and Discord servers where traditional monitoring does not reach.

A single name linking a local partner to an international NGO in a breached database can be enough for a hostile government to target them.

Least privilege access and data destruction policies are not advanced concepts. They are basic discipline, and most organizations are not doing them.

Jack McKenna said, "In many ways they're the most threatened, but they're the most under resourced," referring to NGOs and their cybersecurity posture.

Jack McKenna said, "Assume that it could become publicly available someday," on the reality that any data submitted to any platform is potentially exposed.

Timestamps

00:00 Introduction and welcome
01:00 Jack McKenna and Prescient overview
02:23 The current threat landscape for NGOs
03:56 How threats moved from social media to closed Telegram and Discord forums
05:09 Infiltrating closed forums, personas, AI, language, and slang
06:36 How investigators identify and track threat actors
08:20 Breached government databases and international attribution
09:47 Bellingcat, open source intelligence, and what NGOs can learn
11:01 The ICRC breach, White Helmets, and real world NGO cases
12:39 What NGOs can do, least privilege access and data destruction
14:52 How breached data puts local partners in physical danger
17:19 AI agents and data access risks
18:24 Using breached data to unmask threat actors
19:29 District 4 Labs, Bellingcat, and free OSINT support for nonprofits

Connect with Jack McKenna

LinkedIn: https://www.linkedin.com/in/jack-mckenna-3a301345/
Website: https://www.prescient.com/
...more
View all episodesView all episodes
Download on the App Store

INSSA InsightsBy INSSA