According to research, 27% of nonprofits worldwide encountered a cyberattack in 2023. This sector appeals to cybercriminals for several reasons, the key being the high volumes of money generated from such attacks. For example, charities alone raised 12.7 billion in funds in the UK last year. Criminals seek out high-income charities with £500,000 or more in annual income in particular, and more than 56% of such charities have experienced a cyberattack.
“To make matters worse, nonprofits often lack dedicated IT departments or cybersecurity professionals due to budget constraints, making it easy for hackers to exploit such organizations,” says Carlos Salas, a cybersecurity expert at NordLayer.
Top 5 cybersecurity challenges for nonprofit organizations
Various types of NGOs, such as charities, often circulate high volumes of financial resources, and when this factor is combined with their low cybersecurity barriers, they can look extra appealing to cybercriminals.
Examples include the attack on the Australian fundraising service Pareto Phone, which was forced to shut down its operations after a massive data breach last year. Save the Children, Friends of the Earth, Dogs Trust, Cats Protection, Battersea, and the RSPCA were also hit with ransomware attacks.
“Due to their nature, nonprofits are often linked with high optimization and lack of resources to not-so-critical infrastructure needs. This is how cybersecurity matters are sometimes brushed off,” Salas says.
Salas shares five techniques that hackers might implement when attacking an NGO:
- Phishing attacks. Dodgy emails, with links trying to redirect the user to fraudulent sites, are a type of scam that is still the most prominent across all industries.
- Data breaches. Phishing attacks, employee negligence or sharing credentials, and other reasons can lead to unauthorized access and theft of sensitive information. Such data is then sold on the dark web.
- Malware. Sensitive data may be compromised by malicious software that gains access to networked PCs or mobile devices.
- Social engineering. Cybercriminals use human gullibility as a tool to control people and obtain unauthorized access to company systems. They frequently do this using text, phone, or email messages.
- Ransomware. It is another type of malware that can be installed via phishing attacks or poor user practices. Ransomware steals the most important data and holds it hostage until an amount of money is paid.
What are the ways to stay protected?
According to Microsoft, basic cybersecurity hygiene protects against 98% of cyberattacks. Salas explains how, even without a big budget, it is possible to operate securely:
“I recommend investing in cybersecurity education. Remember that the human link is the most crucial part of the cybersecurity chain. Be aware of current cybersecurity challenges and good practices. Speaking of good practices, simple things like strong passwords, multi-factor authentication, and private networks can really make an impact.”
“Also, install updates in a timely manner. This helps to protect the organization from potential attacks that result from security holes. Additionally, invest in cybersecurity solutions like zero trust network access. For remote employees, this grants secure remote access to an organization’s applications, data, and services.”