Nonprofits serving susceptible populations sit on the uncomfortable intersection of delicate information, world publicity and restricted safety assets.<\/p>\n
Geneva-based Defend.ngo, previously the CyberPeace Institute, helps nonprofit and nongovernmental organizations (NGOs) navigate these challenges with free cybersecurity help. To satisfy its mission, Defend.ngo, itself a nonprofit, should regularly determine and analyze the threats that focus on its almost 700 member organizations — far simpler stated than performed.<\/p>\n When Defend.ngo began in 2018, its cybersecurity analysts relied on open supply intelligence expertise to trace publicly reported cyberattacks in opposition to the nonprofits in its community. The method concerned manually checking information retailers, darkish net boards<\/a>, social media and different sources.<\/p>\n “Many [NGOs] have a smaller digital footprint,” stated Miles Collins, a cyberthreat analyst at Defend.ngo. “This could make it harder to detect whether or not they have been focused and to collect sufficient proof for technical attribution.”<\/p>\n With no unified view of the menace panorama dealing with NGOs and different civil society organizations, the work was time-consuming, inconsistent and unwieldy. The outcomes additionally failed to provide Defend.ngo analysts the real-time insights they wanted to correctly analyze and prioritize rising and ongoing safety threats<\/a>. The size of Defend.ngo’s monitoring actions compounded the problem, with a whole lot of member organizations spanning completely different areas, sectors and working environments.<\/p>\n These challenges however, it was vital that analysts detect assaults rapidly and persistently, each for instantly affected organizations and their friends. A menace surfacing in a single nook of the Defend.ngo community might have implications for numerous different NGOs. Plus, any missed or delayed detections might create gaps within the public information upon which researchers and policymakers rely.<\/p>\n By March 2025, Defend.ngo analysts had manually documented greater than 295,000 threats, 760 vulnerabilities and 1,100 distinct assaults on NGOs — and the menace panorama was solely worsening.<\/p>\n<\/section>\n Across the identical time, Defend.ngo turned to AI to help the efforts of its human analysts. The group deployed Dataminr’s AI-powered menace intelligence platform, which has the next capabilities.<\/p>\n In response to Collins, he and his fellow analysts at Defend.ngo evaluate and confirm all AI-driven alert and intelligence information, guaranteeing its accuracy and reliability earlier than figuring out subsequent steps.<\/p>\n “Human analysts are nonetheless required with regards to judging whether or not these claims are credible or not,” Collins added. “As a part of our methodological course of, we all the time have an analyst reviewing AI output.”<\/p>\n Along with supercharging cyberattack and menace monitoring for Defend.ngo’s consumer organizations, Dataminr’s AI menace intelligence expertise informs the nonprofit’s Cyber Tracer<\/a>. The general public platform tracks vulnerabilities, threats and assaults related to civil society organizations and helps ongoing analysis on conflict-zone cyberactivity, together with the Russia-Ukraine struggle. NGOs, policymakers and researchers can use Cyber Tracer — which additionally consists of structured, domain-specific information from third-party companions Cloudflare, Bitsight and Kaduu — to higher mitigate danger and enhance cyber resilience<\/a>.<\/p>\n<\/section>\n At Defend.ngo, Collins stated the core operational advantage of agentic AI menace intelligence has been the consolidation of numerous and far-flung occasion, menace and danger information. A single, deduped and contextualized feed means analysts spend much less time gathering and organizing info and extra time analyzing and prioritizing it.<\/p>\n AI-driven monitoring additionally extends protection into channels that analysts at resource-constrained organizations hardly ever have the capability to look at persistently, reminiscent of darkish net boards the place ransomware<\/a> teams publish claims in opposition to victims which may not seem in typical information sources.<\/p>\n The agentic menace intelligence workflow was initially examined throughout an incident involving a nonprofit in Defend.ngo’s The Builders<\/a> program, a matchmaking initiative that connects company cybersecurity volunteers with NGOs that want help.<\/p>\n On this occasion, a menace actor claimed to have exfiltrated information from the group’s surroundings and revealed a pattern of the database on-line. Dataminr surfaced the alert earlier than Defend.ngo volunteer analysts recognized it by every other channel, Collins stated, enabling them to rapidly contact the group with remediation help.<\/p>\n To this point, Defend.ngo has recorded greater than 878,000 threats, detected 1,084 vulnerabilities throughout NGOs, recognized greater than 2,000 assaults, quarantined greater than 560,000 phishing emails and detected greater than 315,000 uncovered credentials.<\/p>\n<\/section>\n Regardless of Defend.ngo’s optimistic expertise with the AI menace intelligence platform, Collins warned that smaller organizations with out devoted safety features typically lack the baseline controls that make such monitoring instruments helpful within the first place.<\/p>\n Organizations with out in-house safety workers ought to focus first on the fundamentals — MFA<\/a>, VPNs<\/a>, robust password administration<\/a> and software program updates. “Keep away from getting any complicated instruments earlier than the foundational operational safety is in place,” he stated.<\/p>\nThe issue: When handbook monitoring is not sufficient<\/h2>\n
The repair: AI joins the trigger<\/h2>\n
\n
\n
\n <\/figure>
\n <\/figcaption>\n <\/p>\n<\/blockquote>\nThe outcomes: Consolidated and contextualized menace intelligence information<\/h2>\n
The primary alert on an exfiltrated database<\/h3>\n
A caveat: AI will not make up for poor cybersecurity hygiene<\/h2>\n