“We do not attack health care, education, charitable organizations, [and] social services,” said a representative of LockBit 2.0 (a prominent cybercrime gang) in an interview with the Russian YouTube channel OSINT earlier this year.

As honorable as that makes cybercriminals sound, a glance at recent news headlines tells a different story. From the United States to Australia to Ireland, all kinds of public service organizations have been affected by cybercrime during the past twelve months. Overall, more than 50 percent of NGOs now report that they have been targeted by a cyberattack. What this means is that, as long as hackers can make money from breaching an organization’s cybersecurity, no sector is off limits, regardless of the charity’s or NGO’s mission.

For any cybercriminal, the ideal victim is not an organization with vast resources but one that is easy to hack and has a lot to lose when its network is breached. Unfortunately, most NGOs and nonprofits more than fit this bill. According to a survey by CohnReznick, more than two-thirds of nonprofits failed to assess their levels of cybersecurity risk. And a 2018 study by NTEN found that eight in ten nonprofits didn’t have a cybersecurity policy in place.

Without cybersecurity policies and procedures, security basics are more often than not neglected. For example, in the NTEN study, more than half of nonprofits admitted that they don’t require multi-factor authentication to log in to online accounts. The ramifications can be easily seen in the real world: In 2019, the nonprofit People Inc., which provides critical services like housing, health care, and employment to families, seniors, and individuals with developmental disabilities, suffered a data breach that allowed an unauthorized person to access the email accounts of two employees. As a result, the personal data of People Inc.’s current and former clients, including their names, Social Security numbers, medical information, and bank account information, was compromised.

Read the full article about how nonprofits need to enhance cybersecurity by Rob Shavell at PhilanTopic.