CrowdStrike Helps Save the Children Defend Its Mission from Cyber Threats

For most organizations, cybersecurity is about protecting data and ensuring business continuity. But for Save the Children, safeguarding digital systems means protecting vulnerable children and staff from threats that could put their lives at risk.

Save the Children International, one of the world’s largest children’s rights organizations, operates in 113 countries with over 18,000 staff members. The organization’s mission is simple yet monumental: to improve the lives of children through education, health programs and advocacy for their rights.

But in today’s interconnected world, cyberattacks targeting Save the Children’s data and operations threaten the very people it strives to protect. Gareth Packham, Director of Information Security and Data Protection at Save the Children, explains: “We hold the data of millions of vulnerable children and families worldwide. In many cases, even their engagement with us can put them at risk in their communities.”

From ransomware and phishing attacks to nation-state actors and cyber activists, the organization must defend against a sophisticated and growing array of threats. In 2023, a cyberattack exposed gaps in its visibility and response capabilities. The incident drove home a stark reality: Save the Children needed a more proactive, resilient approach to cybersecurity.

Following the 2023 attack, CrowdStrike provided incident response, followed by managed detection and response through CrowdStrike Falcon® Complete Next-Gen MDR. The MDR deployment delivered immediate results. As Packham recalls, “Before CrowdStrike, our mean-time-to-response was measured in days. With Falcon Complete, we’ve reduced that to minutes.”

Falcon Complete Next-Gen MDR became the cornerstone of the nonprofit’s cybersecurity strategy, providing 24/7 monitoring and response across a global footprint. The team quickly realized the value of the AI-native CrowdStrike Falcon® cybersecurity platform and expanded its investment in CrowdStrike solutions.

With 24,000 users — including staff, volunteers and partners — tracking user activity across managed and unmanaged devices was critical. To gain visibility into this sprawling digital ecosystem, Save the Children added CrowdStrike Falcon® Identity Protection to its endpoint security deployment managed by the Falcon Complete team.

“Identity is one of the biggest vulnerabilities in our environment,” said Packham. “With identity protection, we can monitor user behavior and address anomalies in real time.”

The organization also adopted CrowdStrike Falcon® Spotlight to enhance vulnerability management. By integrating Spotlight with its existing workflows, it gained rapid insight into vulnerabilities across endpoints, reducing manual effort and prioritizing the most critical threats.

As its cybersecurity needs evolved, Save the Children embraced more CrowdStrike solutions. The organization added CrowdStrike Falcon® Cloud Security to monitor and secure its Microsoft Azure environment, a key component of its cloud-first strategy.

“The move to the cloud reduced costs and risks inherent in traditional IT environments, but it introduced new security challenges,” explained Packham. “With CrowdStrike, we have peace of mind knowing that any anomalous activity in the cloud is being monitored.”

The integration of CrowdStrike’s tools with Save the Children’s internal platforms, such as Jira, further streamlined operations. Escalations from CrowdStrike are now automatically converted into actionable tickets, ensuring timely resolution. These automations allow Packham’s small security team to focus on proactive measures rather than reactive firefighting.

“CrowdStrike has truly enabled us to punch above our weight,” says Packham. “Three years ago, I would never have imagined we’d have 24/7 coverage and the ability to close incidents in under 20 minutes. Now, it’s our reality.”

For Save the Children, cybersecurity isn’t just about protecting data — it’s about safeguarding lives. In one operating country, a staff member working as an equality advisor faced life-threatening risks. Concerned about suspicious activity on his laptop, the organization’s security team discovered spyware possibly installed by an adversary. With CrowdStrike’s help, they confirmed the threat and took swift action, evacuating the staff member to safety.

“They were tracking his movements,” recalled Packham. “If we hadn’t acted, the consequences could have been unthinkable.”

In another instance, public prosecutors in a high-risk region seized laptops from Save the Children staff. Using CrowdStrike’s tools, the security team quickly assessed the situation, ensuring no sensitive data had been accessed.

“That visibility is priceless,” said Packham. “We can confidently report to our board and stakeholders that we’ve assessed the risk and taken appropriate action.”

The partnership with CrowdStrike extends beyond technology. Packham describes it as an extension of his team. “They’re not just a vendor — they’re a trusted partner. Their responsiveness and expertise have earned the trust of our leadership and general counsel. Without them, we’d be operating in the dark.”

Looking ahead, Save the Children aims to further consolidate its security tools with the Falcon platform. Technologies such as CrowdStrike® Charlotte AI™ promise to enhance the platform by automating repetitive tasks and accelerating investigations. The organization also seeks to align cybersecurity across its global federation, ensuring consistency and collaboration across member organizations.

Reflecting on the partnership, Packham concludes, “Cybersecurity is about resilience. It’s about doing all you can to prevent attacks but being prepared to recover quickly when they happen. Thanks to CrowdStrike, we’re protecting not just our organization but the millions of children and families who rely on us. That’s a responsibility we take very seriously.”