In June, Tatua Digital Resilience Centre attended the inaugural cyber carnival, an event that brought together cybersecurity experts from across Africa to network and collaborate on various cybersecurity issues facing the region. The event featured provocative discussions on Africa’s digital transformation and its impact on cybersecurity defence. There were also extensive discussions on emerging vulnerabilities, incidents, and other factors that affect the operations of incident response and security teams. While each conversation offered meaningful insights, the one on cyber threat intelligence was particularly noteworthy.
Multiple studies have shown that civil society is under siege in cyberspace, and attacks against civil society communities are becoming more frequent and sophisticated. The threat landscape is no longer lone hackers or small hacker groups, but also government-backed groups and large tech companies trying to watch, disrupt, or silence dissent.
Why does this matter? Because as threats become more frequent and complex, civil society communities remain understaffed and under-resourced to stay ahead of existing and emerging threats. Nevertheless, as a civil society member, you can utilise cyber threat intelligence (CTI) to bridge this gap.
What is cyber threat intelligence, and why is it vital in building your cyber defence strategy?
Think of CTI as the meaningful information that you get from combining data from different cybersecurity tools in your organisation’s systems, news sources, and across the industry. This information acts as your early warning system to help you spot and respond to threats early before they cause irreversible damage.
Just as weather forecasts help you prepare for storms, cyber threat intelligence helps you prepare for digital attacks. This intelligence allows your organisation to understand who might target you, how they operate, and what you can do to stay protected.
For social justice organisations and other civil society members, this protection is especially critical because your work often challenges powerful interests. Attackers will try to steal donor information, intercept communications, or simply disrupt your advocacy operations and campaigns. Having good intelligence helps you stay one step ahead.
Traditionally, CTI was the result of implementing complex cybersecurity systems to continuously monitor systems and transform data into actionable intelligence. However, now, there are many low-cost and free tools available that civil society members can leverage and get high-quality threat intelligence.
Making Technical Information Accessible: The Tatua Digital Resilience Centre
While civil society members have access to a large pool of tools and platforms that provide high-quality and actionable CTI, the technical nature of cyber threat information can be overwhelming for organisations without dedicated IT staff. Tatua specialises in translating complex cyber threat intelligence into practical, understandable guidance for social justice organisations about threats facing them and what they can do to protect themselves.
We recognise that most civil society members are not cybersecurity experts and lack the essential resources to access this kind of expertise. For this reason, we have developed visual guides, infographics, and training materials that explain digital threats in the context of human rights work, and our team monitors emerging threats and policy developments that specifically affect civil society, then translates this information into actionable advice.
Beginning your cyber threat intelligence journey doesn’t require technical expertise, but it does benefit from a systematic approach. Start by honestly assessing your organisation’s digital footprint and identifying what information would be most damaging if compromised. This might include donor databases, communications, strategic plans, or financial information. Once you understand your priorities, you can register for the free CTI platforms that best match your needs.
However, don’t try to use every available tool at once; choose one or two platforms to start with, learn how they work, and gradually expand your intelligence gathering as your team becomes more comfortable with the process. Most importantly, you can reach out to Tatua for help in translating technical intelligence into practical action. Here are some platforms and tools that Tatua can help you configure, build connections with, and interpret CTI from them into accessible language and formats.
Free resources that can transform your Cyber Threat Intelligence
Several organisations offer free CTI specifically designed for civil society groups. These aren’t watered-down versions of paid services; they’re comprehensive tools that give world-class CTI, and many large corporations pay thousands of dollars to access. So who are they and how can your organisation access them?
The Shadowserver Foundation acts like the global neighbourhood watch for the internet. They scan the entire internet daily, looking for malware, exposed databases, and other security issues. If they find problems related to your organisation’s digital presence, they’ll send you detailed reports with step-by-step guidance on how to fix them. Civil society members can also sign up for threat intelligence reports from Shadowserver on specific threats that may affect them, in addition to meaningful guidance on how to address them.
Amnesty International’s Security Lab: Operates as a digital emergency room for civil society. The Digital Forensics Helpline provides expert analysis of devices suspected of being compromised at no cost. Amnesty also creates cybersecurity resources about emerging threats targeting civil society communities in simplified and accessible languages.
SOCRadar: Although this is a cybersecurity vendor that operates for profit, SOCRadar provides all organisations with a free edition that monitors the dark web for threats targeting them. The platform monitors for mentions, scans for vulnerabilities in publicly facing systems, and provides actionable intelligence on how to address these weaknesses. The SOCRadar dashboard lets you see potential threats in plain language, helping you prioritise which issues need immediate attention.
Microsoft Defender Threat Intelligence shares real-time information about active threats, including detailed profiles of threat actors and public reports about ongoing attacks. Even if you don’t use Microsoft products, their intelligence feeds can help you understand what threats are currently targeting organisations like yours and what you can do to mitigate those threats.
The Open Threat Exchange (OTX) by AlienVault is a community-driven platform where security researchers worldwide share information about new threats. This collaborative approach enables you to benefit from the collective knowledge of thousands of security professionals at no additional cost.
Several government agencies develop and disseminate specific guidance for nonprofits and advocacy groups, such as practical recommendations for setting up technical controls and how to respond to security incidents. Many run indicator sharing programs that give the public access to actionable, real-time threat data. Examples of notable agencies include the Computer Incident Response Centre Luxembourg (CIRCL) and the Cybersecurity and Infrastructure Security Agency (CISA).
InfraGard, a partnership between the FBI and the private sector, offers free membership that includes access to threat briefings, networking opportunities with security professionals, and educational resources tailored for organisations working in the public interest sector.
National and Sector-Specific Computer Incident Response Teams (CIRTs) represent another valuable layer of cyber threat intelligence that’s accessible to civil society members. Every country typically has a national CIRT, such as Kenya’s Ke-CIRT, that monitors cyber threats within its borders and provides free alerts, advisories, and incident response support to citizens in its jurisdiction. National CIRTs understand the specific threat landscape in their region, including local cybercriminal groups, common attack methods targeting organisations in their country, and culturally relevant social engineering tactics. These factors make the CTI received from national CIRTS highly meaningful and actionable to civil society members.
The Computer Incident Response Centre for Civil Society (CiviCERT) operates as a trusted network of civil society groups working together to build collective digital resilience. First, they collaborate on shared infrastructure and resources, allowing smaller organisations to access enterprise-level security capabilities they couldn’t afford individually. This might include shared threat detection systems, collective purchasing of security tools, or pooled expertise for incident response. CiviCERT also investigates and shares actionable CTI about threats specifically targeting civil society, such as threat actors and their tactics, techniques, and procedures.
Conclusion
Access to high-quality and actionable CTI at no cost represents a significant progress in the ability of civil society members to build their digital defences. Organisations that once had to rely on expensive consultants or hope for the best can now access the same intelligence used by governments and major corporations. This democratisation of defence capabilities is particularly important for civil society members, who often face sophisticated threats despite having limited resources. By combining powerful intelligence tools with direct support from Tatua, civil society can build robust defences against even well-funded adversaries. Remember, in an increasingly connected world, your digital security is inseparable from your ability to build a strong advocacy front and create lasting social change.
Tatua’s services are always available via the following contact channels:
Location: Highway Heights, Kilimani
Digital Security helpline: Call, WhatsApp, Signal: +254 110 730 730
Email: Support@tatua.digital
Mailing list: https://tatua.digital/mailman/listinfo
24/7 helpdesk: https://support.tatua.digital/