Join CTO Matthew Eshleman as he walks through the inaugural Nonprofit Cybersecurity Incident Report from Community IT Innovators. This report looks at the different types of attacks that occur at small and mid-sized organizations. He also shares advice on security improvements that provide protection against the most common attacks.
Learn the role of leadership in placing a value on cybersecurity preparedness for your nonprofit and the long term planning that should accompany your immediate assessment of your security risk.
For the video of the presentation or to subscribe to future webinars: https://www.communityit.com/connect-with-us/webinars/
2. Survey Questions
• How confident are you with your organization’s cybersecurity?
• Very / somewhat / not at all
• Who’s responsible for cybersecurity in your organization?
• Me / IT Department / Operations / No one
• Do you have a plan to improve cybersecurity at your org?
• Yes, underway / Waiting on Approval / Just getting started / Nope
7. CYBERSECURITY LANDSCAPE
Persistent and ongoing brute
force attacks on identities
Sophisticated spear phishing
68% of Nonprofits don’t have an
Incident Response Plan
Breach response for a small to
medium business is $149,000
10. Incident
An event that compromises the integrity,
confidentiality or availability of an
information asset.
11. Breach
An incident that results in the confirmed
disclosure—
not just potential exposure—of data to an
unauthorized party.
12. Types of incidents
• Email Phishing: a social engineering attack that attempts to
get a user to click on a link that goes to a malicious site that
contains malware or steals credentials
• Malware: any type of malicious software, usually reported by
the end user as a slow computer or strange pop-ups
• Account Compromise: unauthorized use of a digital identity
by someone other than the assigned user
13. Types of incidents
• Business Email Compromise: scam using traditional
confidence scheme techniques combined with email
impersonation to extract funds through illicit means
• Wire Fraud: any fraudulent or deceitful scheme to steal
money by using phone lines or electronic communications
through electronic means
• Virus: a malicious piece of software that can alter the way a
computer works, typically spread from one computer to
another, often rendering the computer and/or data unusable
14. Types of incidents
• Supply Chain: an attack that is initiated through a partner of
the organization. Also known as a value-chain or third-party
attack.
• Advanced Persistent Threat: State-Sponsored actor or
criminal group focused on targeting a specific organization or
individual, operating over a long period of time with a goal of
remaining undetected and exfiltrating data.
• Ransomware: a type of virus that has the characteristic of
encrypting files and then demanding payment for decrypting
the files.
16. SECURE YOUR NETWORK
01
IMPLEMENT MULTI-FACTOR AUTHENTICATION
Protects against: account compromise
02
IMPLEMENT A SECURITY AWARENESS TRAINING PROGRAM
Protects against: email phishing, account compromise,
business email compromise and wire fraud.
03
HAVE A COMPREHENSIVE DEVICE MANAGEMENT PLAN
Protects against: malware, account compromise, viruses, advanced
persistent threats
04
GET A SECURITY ASSESSMENT
Protects against: investing in security solutions that do not
have a clear ROI