NGO Cybersecurity and Humanitarian Aid Security with Jack McKenna

In conflict zones, a single name in a breached database can be enough for a hostile government to identify and target a local partner. Jack McKenna has seen it happen. This is not a hypothetical. It is the threat landscape NGOs are operating in right now, and most have no idea how exposed they really are.NGO security management and humanitarian aid security have never been more urgent. The organizations doing the most critical work in the world are also the most targeted and the least resourced when it comes to cybersecurity. Understanding where those threats live and what any organization can do about them is no longer optional.Jack McKenna is President and CEO of Prescient, a tech enabled digital intelligence, investigation, and risk advisory firm at the intersection of cybersecurity, corporate security, and intelligence. He also serves on the board of District 4 Labs, a Prescient spinoff building OSINT data products. Amaury Cooper, a former Prescient client himself, sat down with Jack to break down the real threat landscape facing NGOs and international development organizations.Key TakeawaysIn hostile environments, assume your location and communications are visible and work your security posture backward from that assumption.NGOs are among the most targeted organizations in the world and operate with a fraction of the security resources available to corporations.Threat actors have moved off mainstream platforms and into closed Telegram forums and Discord servers where traditional monitoring does not reach.A single name linking a local partner to an international NGO in a breached database can be enough for a hostile government to target them.Least privilege access and data destruction policies are not advanced concepts. They are basic discipline, and most organizations are not doing them.Jack McKenna said, "In many ways they're the most threatened, but they're the most under resourced," referring to NGOs and their cybersecurity posture.Jack McKenna said, "Assume that it could become publicly available someday," on the reality that any data submitted to any platform is potentially exposed.Timestamps00:00 Introduction and welcome01:00 Jack McKenna and Prescient overview02:23 The current threat landscape for NGOs03:56 How threats moved from social media to closed Telegram and Discord forums05:09 Infiltrating closed forums, personas, AI, language, and slang06:36 How investigators identify and track threat actors08:20 Breached government databases and international attribution09:47 Bellingcat, open source intelligence, and what NGOs can learn11:01 The ICRC breach, White Helmets, and real world NGO cases12:39 What NGOs can do, least privilege access and data destruction14:52 How breached data puts local partners in physical danger17:19 AI agents and data access risks18:24 Using breached data to unmask threat actors19:29 District 4 Labs, Bellingcat, and free OSINT support for nonprofitsConnect with Jack McKennaLinkedIn: https://www.linkedin.com/in/jack-mckenna-3a301345/Website: https://www.prescient.com/