TANGO Partners Perspective – August 2020
PROTECT YOUR INFORMATION FROM HACKERS!
Lynn Souza, CEO
- Many NPOs utilize outdated technology and lack cyber awareness, making them easy victims for third-party breaches
- A recent third-party software breach cost 25,000 NPOs their donor data
- There are four key actions NPOs can take to defend against costly cyber attacks
Nonprofit organizations collect incredibly sensitive information about their members and donors, which can include social security numbers, credit card information, and even medical information. Without proper cybersecurity processes, policies and technology in place, one single breach could create many financial, reputational and organizational problems. Fortunately, there are things that can be done to protect your entire organization and its mission.
NPOs: The Low Hanging Fruit
Many hackers will seek out and target “low hanging fruit” – organizations with easily exploited vulnerabilities. Many nonprofits still rely on out-of-date legacy systems (such as Windows 7) that are especially vulnerable to malware or ransomware. Additionally, their employees and volunteers lack the training and technology needed to detect and protect against threats, creating huge vulnerabilities to email-based attacks. As a result, NPOs are often considered the “lowest hanging fruit”.
Third Party Risk: A Growing Threat
One of the easiest ways for hackers to access the “low hanging fruit” is through a supply chain. Supply chain attacks are an easy way for cyber criminals to access a large amount of data in one swoop, and they eliminate the need to target multiple sources.
Hackers often exploit the weak links in the supply chain – such as organizations with legacy systems and email vulnerabilities – to launch their attack. Many cyber attacks originate from a third-party breach. In fact, in a survey with Ponemon Institute, 61 percent of U.S. organizations said they have experienced a data breach caused by one of their supply chain vendors or third parties in the past year.
Recently, a ransomware attack on Blackbaud – a global leader in nonprofit engagement and fundraising technology with more than 25,000 institutional customers around the world – resulted in corresponding data breaches to their nonprofit clients. NPOs that collect personal donor information such as social security numbers, credit card, or financial data were left exposed by this third-party attack.
What You Can Do
Threat awareness and a proactive approach to security can go a long way in keeping organizations secure. Here are four things NPOs can do to help stop attacks before they happen:
- Think like a hacker – Security awareness is a vital component of effective cybersecurity. In fact, research shows that security awareness training can reduce clicks on phishing links by 70% when delivered with regularity. Understanding hacker practices and motivations can help you predict potential threats and thwart attacks.
- Follow a cybersecurity framework – A framework such as the cybersecurity framework created by the U.S. National Institute of Standards and Technology (NIST) was built to allow organizations to measure their cybersecurity posture relative to the threats they face. Resources for this framework are free and proven to be successful. By aligning your people, processes and technology with a framework, you can create a seamless cybersecurity program and culture.
- Leverage advanced technologies – Today’s standard security solutions – such as Antivirus and Firewall – are no match for sophisticated attacks that continue to increase in complexity and are automated at scale. The best way to combat targeted attacks is to quickly and automatically remediate threats that do get through. Advanced monitoring solutions improve the accuracy of detection and speed of response, which are critical against sophisticated attacks.
- Implement multiple layers of defense – The beauty of having multiple layers of defense is that if one layer fails, another will step in. For example, if a volunteer or employee accidentally clicks on a phishing email (after going through cyber awareness training), a threat detection tool can immediately stop the attack in its tracks and prevent further spread or damage.
In the age of technology, nonprofit organizations continue to increase their reliance on third parties, which often results in sharing confidential and sensitive information across many channels. Yet, only 34 percent keep a comprehensive inventory of these third parties. As the reliance grows, the risk grows with it. Understanding why hackers are after your information and what actions you can take to protect your information can help you stop debilitating attacks before they happen.