Faith-Based Daily Awareness Post 13 May 2025

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters. 

Assessing the Global Climate in April 2025

The National Centers for Environmental Information (NCEI) released its global climate assessment for April 2025, revealing significant deviations from historical climate norms.

Key Findings:

• Global Average Temperature: April 2025 was the second-warmest April on record, with global temperatures 2.20°F (1.22°C) above the 20th-century average. This is slightly below the record set in April 2024.
• Record Low Global Precipitation: Preliminary data suggest that April 2025 may have been the driest April globally since records began in 1979.
• Northern Hemisphere Snow Cover: The snow cover extent tied with 2024 as the smallest on record for April, measuring 820,000 square miles below average. Significant deficits were noted over North America, Greenland, and Eurasia.
• Near-Normal Activity: April 2025 witnessed near-normal tropical cyclone activity, with four named storms recorded globally.

These findings underscore the ongoing shifts in global climate patterns, highlighting the importance of monitoring and addressing climate change impacts.

Analyst Comments: The combination of record-high temperatures, diminished snow and ice coverage, and increasingly unpredictable precipitation patterns reflects the projections made by the IPCC and highlights the urgent need for swift global climate action. Effective climate policy must be complemented by efforts to strengthen resilience at the local level, particularly in frontline and historically under-resourced communities.

 Last week we published a Hurricane Preparedness report, and we encourage all members to review the report and take proactive measures to help build resiliency ahead of what is forecasted to be an above-average hurricane season.

Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack

In October 2024, Illinois-based physical security firm Andy Frain Services experienced a ransomware attack attributed to the Black Basta group, impacting over 100,000 individuals. The attackers claimed to have exfiltrated approximately 750 GB of sensitive data, including files related to accounting, human resources, and legal departments. While the company has not disclosed specific details about the compromised information, it is offering 12 months of credit monitoring and identity restoration services to those affected. Notably, the Black Basta group has been inactive in announcing new victims in recent months, leading experts to believe they may have gone underground, potentially to reemerge under a different guise.

Analyst Comments: Andy Frain Services operates as a third-party vendor to a wide range of institutions including airports, sports arenas, corporate buildings, and government sites making its ransomware breach particularly concerning. When a vendor like Andy Frain is compromised, it creates supply chain vulnerabilities that can ripple across all connected organizations. These vulnerabilities may result in unauthorized access to secure facilities, compromised event security protocols, and identity fraud risks for personnel working across client sites. The incident highlights critical gaps in vendor risk management, emphasizing the importance of stricter vendor vetting procedures, particularly around cybersecurity controls. Organizations must conduct regular risk assessments and security audits and adopt Zero Trust principles that limit data sharing and access even with long-standing partners. Additionally, if Andy Frain is responsible for on-the-ground security operations, a breach can directly hamper a client’s incident response capabilities—especially if that response depends on compromised systems or coordination with affected personnel.

Resources:

• Third-Party Risk Management (TPRM): A Complete Guide
• How to Protect Yourself from Third-Party Risk