Just like modern enterprises, non-profits rely heavily on digital technologies such as the internet, cloud computing, and smartphones. But unlike most organizations, non-profits fall far behind in implementing the much-needed cybersecurity solutions to protect their digital assets.
Non-profits are equally as vulnerable to cyberattacks as profitable businesses. In fact, non-profits may actually be more at risk of cybercrime since most of them lack sophisticated cybersecurity technologies and don’t enforce strict security policies. Furthermore, non-profit organizations handle large volumes of sensitive personal and corporate data, making them attractive marks for supply chain, ransomware, and data breach exploits.
A survey conducted by NTEN puts the scope of this problem into perspective. In the survey, only 20.5 percent of the respondents had documented policies for handling cyber incidents. Nearly 60 percent did not provide cybersecurity training to their staff, and only a fraction of non-profits had data backup systems and multifactor authentication in place.
The state of cyber insecurity
In 2020 alone, over 150 million records were exposed in just over 1,000 breach incidents. Although these figures are shockingly high, they're not strictly accurate because the COVID-19 pandemic severely disrupted incident reporting mechanisms. And speaking of the pandemic, the UN stated that cybercrime shot up 600 percent amid the crisis. Many organizations, including non-profits, are at even greater risk of attack due to increased online activities following the pandemic.
No organization dealing with sensitive data or online transaction is immune to cybercrime. Below are three common types of attacks targeting non-profits:
Phishing is a type of social engineering fraud where the attacker tricks innocent victims into giving away their money, security credentials, or personal details. It’s also one of the main vectors for malware distribution, primarily via email. A phishing attempt recently made headlines after an attacker nearly scammed Barbara Corcoran (of Shark Tank) out of $400,000 via email pretending to be her assistant.
In 2019, People Inc, Western New York's largest non-profit, reported a data breach that exposed nearly 1,000 personal indentation and health information records. Two compromised employee email accounts are believed to have caused the breach. Surprisingly, most data breach incidents actually result from human error, negligence, or insider threats.
In this type of attack, the perpetrator manages to get hold of an organization’s data and demands ransom to release it. The most recent ransomware attack targeted Colonial Pipeline, the largest pipeline system for refined oil products in the US. Colonial Pipeline reportedly paid the hacker gang known as DarkSide $4.4 million in Bitcoin to unlock their corporate network. Ransomware attacks like these are not only expensive but also severely disruptive. In this case, Colonial shut down all its operations for five whole days after the attack.
Clearly, non-profit organizations are easy prey for cybercriminals. Cyber threats are real and are only getting more rampant, sophisticated, and devastating. It’s imperative that you keep all your organization’s digital assets, from networks to end-points, safe and secure.
Contact us now for a FREE, 15 minute cybersecurity check-up with one of our technology experts. We will address solutions to the vulnerabilities in your network, and how to better protect your data.
Click Here to Book your 15-Minute Cybersecurity Check-up