Prisca Tang
The United Nations University Institute in Macau (UNU Macau) said in a statement last week that civil society organisations in Macau lack the resources, expertise, capabilities, and influence to effectively manage their cybersecurity, according to a study that it carried out recently.
According to the statement, the study by the institute, “Civil Society Organisations’ Cyber Resilience, leaving no civil society organisation behind in cyber resilience” (the title of the study), has reviewed civil society organisations’ evolving cybersecurity risk environment in Macau.
The statement says that the study underscores how these organisations’ limited cybersecurity resources and capabilities and their vulnerable position within the local cybersecurity landscape could impair their long-term operations.
The statement points out that the study, supported by the Macau Science and Technology Development Fund (FDCT), employed surveys and in-depth interviews with personnel of local social care and community-based organisations. The statement says that the findings reveal the cybersecurity incidents these organisations regularly experience, such as password mismanagement, hardware failure, phishing, and malicious software. The statement points out that despite awareness of the importance of cyber resilience – the capability to prepare for, defend against, recover from, and adapt to adverse cyber incidents – for organisational resilience, few local organisations have relevant cybersecurity policies or procedures in place.
UNU Macau Principal Research Fellow Mamello Thinyane is quoted by the statement as saying that “the lack of internal cybersecurity capacity and expertise in civil society organisations has led them to adopt ad-hoc and haphazard cybersecurity management practices. We also observe significant gaps in the local cybersecurity landscape. There is more clarity in the cybersecurity legal provisions and more technical assistance available to the public- and private-sector organisations relative to civil society organisations. As a result, civil society organisations occupy a precarious and vulnerable position. These dynamics make them more susceptible to risks from adverse cyber incidents.”
The statement urges the government to bolster the role of existing cybersecurity response teams, develop cybersecurity solutions for civil society organisations, and provide them with cybersecurity capacity-building programmes and cybersecurity-specific funding instruments. Further, it recommends that the government actively engage civil society organisations in cybersecurity policymaking.
The statement also advises civil society organisations to undertake organisation-wide cybersecurity capacity building, adopt appropriate cyber resilience management models and frameworks, and leverage partnerships and external support for cybersecurity. Finally, the report recommends that communication and cybersecurity service providers define clear service level agreements for civil society organisations with commitments to specific cybersecurity targets. The statement added that such provisions are beneficial for the civil society organisations contracting the service of these enterprises and their compliance to the local data protection requirements as a data holder and data processor.
The statement emphasises the need to enhance the cyber resilience of all stakeholders, including civil society organisations, to achieve societal cyber resilience in the digital age.
This handout photo provided by the United Nations University Institute in Macau (UNU Macau) last week shows local civil society organisations participating in an organisational cyber resilience capacity-building workshop conducted in December last year.
