Faith-Based Daily Awareness Post 6 January 2026

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

Religious Sites as Targets: The Strategic Significance of Terrorism Against Places of Worship

The article explains that attacks on religious sites including mosques, synagogues, and churches are not random acts of violence but strategic choices by extremist actors aimed at maximizing psychological and social impact. Sacred spaces hold deep symbolic meaning, representing moral order, communal identity, and sanctuary; when terrorists attack them, the intent goes beyond causing casualties to desecrate what communities hold inviolable, undermining social trust and provoking fear. Because places of worship are often open and accessible, they become vulnerable “soft targets,” and the resulting violence tends to intensify existing divisions and can trigger cycles of retaliatory violence. The piece notes that such attacks also receive widespread media coverage, amplifying the terror group’s message and spreading fear farther than the immediate act.

The author stresses that preventing these attacks requires more than security at doors. It demands leadership, interfaith cooperation, and initiatives that address radicalization and social fragmentation. However, it cautions against responses that mirror extremist narratives, such as collective blame or inflammatory rhetoric. Ultimately, resilience depends on societies maintaining moral cohesion rather than retreating into fear.

Analyst Comments: A key risk highlighted by this trend is the illusion of distance: the persistent assumption that attacks on religious sites are primarily a problem confined to conflict zones or the Middle East. While sacred spaces have long been targeted in overseas extremist campaigns, recent years have shown a steady increase in threats and attacks against churches, synagogues, and mosques in Western countries, challenging the belief that geography or political stability provides insulation. This misconception can lead communities to underestimate their exposure, delaying basic preparedness measures and threat awareness.

What matters operationally is not only why religious sites are symbolically powerful, but that they are increasingly viewed as viable targets in Western contexts, where openness, predictability, and limited security remain common. Adversaries exploit this gap between perceived and actual risk, leveraging attacks or even credible threats to generate fear, media attention, and social tension well beyond the immediate incident.

From a preparedness standpoint, protecting places of worship requires confronting this illusion directly. Effective risk reduction blends proportionate physical security with community vigilance, information-sharing, and pre-incident planning, without undermining the welcoming nature central to faith communities. Recognizing that this threat environment is no longer “elsewhere” is a critical first step toward building realistic, sustainable resilience at the local level.

One criminal, 50 hacked organizations, and all because MFA wasn’t turned on

A single cybercriminal, known by the handles Zestix or Sentap, has compromised and posted sensitive data from about 50 global organizations after exploiting stolen cloud credentials harvested by infostealer malware. The apparent victims span major sectors such as utilities, aviation, engineering, defense robotics, healthcare, and legal services, and include companies like Florida-based Pickett and Associates, Japan’s Sekisui House, and Spain’s Iberia airline. According to cybersecurity firm Hudson Rock, none of the victims enforced multi-factor authentication (MFA) on their enterprise file-sharing and synchronization platforms, allowing the attacker to simply log in with harvested usernames and passwords.

The intrusions did not rely on software vulnerabilities but on credential reuse, poor password hygiene, and lack of MFA, enabling unauthorized access to cloud file repositories containing sensitive engineering designs, personal data, and operational information, which is now being traded or sold on dark web markets. Security experts warn this environment of weak credential defense directly facilitates breaches, emphasizing the need for stronger MFA and ongoing credential management

Analyst Comments: While houses of worship may not view themselves as high-value cyber targets, opportunistic actors simply look for the absence of multi-factor authentication (MFA) on a network, no matter the organization running it. Many faith-based organizations rely on cloud services for donor records, livestreaming platforms, email, file storage, and scheduling tools, often managed by volunteers or small staffs with limited cybersecurity resources. Without MFA, a single stolen password frequently harvested through phishing or infostealer malware can grant attackers full access to sensitive congregant data, financial accounts, or administrative systems.

For houses of worship, the consequences extend beyond financial loss: breaches can erode community trust, expose personal or pastoral information, and disrupt services during critical religious events. Implementing MFA is one of the most cost-effective and impactful safeguards available, significantly reducing the risk of account takeover while requiring minimal technical overhead. In an environment where attackers increasingly favor low-resistance targets, MFA serves as a basic but essential control to protect both the mission, and the people faith communities serve.

FB-ISAO Meeting Series: Building an Intelligence Team for your HOWs

January 7, 2026: The nature of intelligence as it relates to HOW decision making and security practices.

When: January 7^th, 2026

Time: 12:00 P.M. Eastern Time

Register Here

The intelligence process helps decision makers weigh alternatives and make threat-informed, fact-based choices via enhanced situational awareness. By leveraging intelligence, houses of worship can enhance their overall safety and security, ensuring their spaces remain welcoming sanctuaries for worship – yet prepared for potential incidents.

• February 4, 2026: The mission and purpose of a HOW-centric intelligence team.
• March 4, 2026: The roles and skill sets needed to be effective, whether you have a team or an army of one, and the organizational structure and workflow.
• April 1, 2026: The sources and methods of local intelligence collection and analysis.
• May 6, 2026: Expanding your horizon to consider additional atypical threats, man-made and natural disasters, to prepare for all-hazards.
• June 3, 2026: Operationalizing your intelligence team.