Non-profits are one of the five industries most affected by cybercrime, which jeopardizes their vital work. Thoughtworks partnered with Brazilian non-profit, Centro de Trabalho Indigenista (CTI) to help it improve its security, project usability, and performance.
CTI was founded by anthropologists and indigenous people to promote and protect indigenous rights to territory, health, education, and culture. Part of its mission is to provide accurate and up-to-date information to those who are leading the fight in this area. And to be a reliable information source, its digital assets and domains must be secure. Unfortunately, like so many other organizations, CTI has been subjected to cyberattacks—and two thirds of its applications were found to be infected with malware.
At Thoughtworks, security is in our DNA. And while our main goal was to migrate CTI’s applications and subdomains to a new hosting company, we also had further security improvements in our sights. However, there were challenges to overcome. As a non-profit, CTI is operating with a low budget. So not only did we aim to solve its immediate problems, we also wanted to future proof its pathway from a security perspective.
Along with a need to remove the malware, our security analysis indicated that CTI’s servers were receiving roughly 50,000 requests a day from other countries. So our team configured Web Application Firewall (WAF) rules to block those suspicious requests, while also defining specific countries that could access and manage the application. Other security measures included:
Removing unencrypted passwords from the database;
Activating reverse proxy and end-to-end encryption;
Updating application technologies outdated for more than six years.
Going even further, we improved the performance of CTI’s Digital Library application significantly. This delivered a 99.9% reduction in execution time to access the site and a 96.6% reduction in the number of database queries.
We also conducted broader responsible tech research to help CTI understand what possible risks it could face in the coming years and how to prepare for them, including:
Future paths for the indigenous cause and CTI over a 30-year horizon;
Future risks and opportunities and their implications in the short, medium and long term;
Decision-making in the present, but also looking at possible future scenarios.
When you consider that four out of ten Brazilians say they receive fake news daily, CTI’s resources are essential for combating misinformation. Our work has provided critical usability, performance, and security improvements, as well as migrating these resources to a secure hosting environment. Looking ahead, the organization's digital assets will be more secure, ensuring greater independence and autonomy for CTI’s important work.