The Cybersecurity and Infrastructure Security Agency (CISA) and its partners recently issued helpful guidance for entities that have limited resources to address cyber threats. The guidance, entitled “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society,” is targeted to assist civil society—“nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities, and individuals involved in defending human rights and advancing democracy,” which are considered “high risk communities” because they “are targeted by state-sponsored threat actors who seek to undermine democratic values and interests” with addressing cybersecurity risks with limited resources.

According to the guidance, state-sponsored attacks against civil society are primarily launched by “the governments of Russia, China, Iran, and North Korea.” The threat actors are conducting “extensive pre-operational research to learn about potential victims, gather information to support social engineering, or obtain login credentials,” and are using spyware applications to collect data from victims.

The guidance is designed to provide “mitigation measures for civil society organizations to reduce their risk based on common cyber threats” and civil society organizations and affiliated individuals are “strongly encourage[d]…to apply the mitigations provided in this joint guide.”

If you fall into the civil society organization category, you may wish to consider delving into the guidance with your IT professionals to learn more about the threat and how to mitigate the risk of a cyber-attack from state-sponsored actors and other threat actors.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.