At our recent webinar on cybersecurity (listen on demand here), our expert panel discussed why Non Profit Organizations are high targets and which cybersecurity threats are currently giving them the most concerns.
Why are Nonprofits specifically targeted?
The short answer, CREDIT CARDS. Non-profits are targeted for fraud because they take credit cards for funding their mission.
“We are in the unique situation where you have internet or mobile based donations that come in various amounts, frequencies, and from multiple locations. As a non-profit, you can’t really turn any donation away so you’ll accept it, but the consequence is that it makes you a key target for testing stolen credit cards.”
Mat Matthews, Senior Director of IT and Security at Boys & Girls Clubs of America
What specific threats give our panel the most concern?
1. Phishing attempts compromise accounts and many are not involving an Advanced Persistent Threat (APT) component. The attackers are not only jeopardizing the account and immediately exploit it, but they actually stay on the network to learn more and do reconnaissance on the network.
2. There are risks with supply chain and shadow IT technologies. Cloud providers and web platforms don't go through IT to validate necessary security scans or meet contractual requirements with the legal department. Many of these cloud technologies have the potential for a shadow IT or IT components which become a risk. Nonprofits don’t have the money to stay on top of these risk, so they have to be creative and come up with different ways to mitigate that risk like doing network segmentation.
3. There is also the lure of non-security technology companies providing security solutions at a reduced cost. Companies are offering solutions that may not have all the right pieces or be implemented correctly to provide sound security. They may appear to provide a reduced monetary cost, but it can give a false sense of security when it doesn't perform well and opens up operational risks.
4. The inability to keep control of your information. While something might be in the cloud, it doesn't necessarily mean it's safe, and it doesn't mean that those using the cloud are following proper security protocols. It's just too hard to get your hands around everything once the data is outside the system.
If you want further detail to what our expert panel had to say about cybersecurity for nonprofits, make sure to click here and listen to the entire discussion. Then if you feel like your cybersecurity is in jeopardy, learn more about Apptega to enhance your cybersecurity today.