Join CTO and Nonprofit Cybersecurity expert Matthew Eshleman as he walks through the third annual Community IT Nonprofit Cybersecurity Incident Report.
This report looks at the different types of attacks that occur at small and mid-sized nonprofit organizations. Is your nonprofit prepared?
Matt also shares advice on security improvements that provide protection against the most common attacks. Learn the role of leadership in placing a value on cybersecurity preparedness for your nonprofit and the long-term planning that should accompany your immediate assessment of your security risk.
Matt touches on vendor hacks from 2020 including Blackbaud and SolarWinds and discusses steps your nonprofit should take to understand your risk level.
Learn about real cyberattacks on nonprofit organizations and how they responded to these attempted hacks. Matt gives you the tools you need to protect your organization and staff from cybercrimes.
Many of these tips you can put in place quickly and train your staff on immediately.
Download the full report or view here: https://communityit.com/2021-nonprofit-cybersecurity-incident-download/
6. CYBERSECURITY LANDSCAPE
• Persistent and ongoing brute force attacks on identities
• Sophisticated spear phishing
• Organizations targeted because of the work they do
• Attacks targeting vendors
13. Threat Actor
The entity perpetrating the attack, whether an individual, cybercriminal network, corporate rival or state sponsored adversary. Most often this will be the external “bad guy” that sends the phishing email or encrypts the files.
14. Incident
An event that compromises the integrity, confidentiality or availability of an information asset.
15. Breach
An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.
16. Types of incidents
• Spam: unwanted or inappropriate email that is sent to a large number of recipients
• Malware: any type of malicious software, usually reported by the end user as a slow computer or strange pop-ups
• Account Compromise: unauthorized use of a digital identity by someone other than assigned user
17. Types of incidents
• Spear phishing: scam using traditional confidence scheme techniques combined with email impersonation to extract funds through illicit means
• Wire Fraud: any fraudulent or deceitful scheme to steal money by using phone lines or communications through electronic means
• Virus: a malicious piece of software that can alter the way a computer works, typically from one computer to another, often rendering the computer and/or data unusable
18. Types of incidents
• Supply Chain: an attack that is initiated through a partner of the organization. Also known as a value-chain or third-party attack.
• Advanced Persistent Threat: State-Sponsored actor or criminal group focused on targeting a specific organization or individual, operating over a long period of time with a goal of remaining undetected and exfiltrating data.
• Ransomware: a type of virus that has the characteristic of encrypting files and then demanding payment for decrypting the files.
21. Trends
• Cybersecurity incidents continue to climb
• Third party vendors / partners are a notable threat vector broadly
• MFA is extremely effective
• Account compromise is still at a high level
22. Data Analysis
• Advanced Persistent Threats are only increasing efforts and targeting Policy Orgs and Think Tanks
• If an org has been compromised once, more attacks are likely
• Social service organizations more susceptible to Business Email Compromise
• MFA is effective in preventing account compromise
23. Anatomy of an Attack
• User clicks on malicious link
• Enters password on site
• Password used to log in to account and set up mail rules
24. SECURE YOUR NETWORK
01 IMPLEMENT MULTI-FACTOR AUTHENTICATION
Protects against: account compromise
02 IMPLEMENT A SECURITY AWARENESS TRAINING
Protects against: email phishing, account compromise, business email compromise and wire fraud.
03 Establish an IT Acceptable Use Policy
Protects against: misguided and misaligned IT Initiatives
26. Let’s Talk:
Email: cybersecurity@communityIT.com for a complimentary Dark Web Scan to see what accounts are already compromised.
Meet: Book some time with me https://meetings.hubspot.com/meshleman
MIP – March
BoardSource – June
Blackbaud – July
BCPSS – November
SolarWinds - December
According to the Verizon Data Breach Investigations Report, while espionage gets the headlines, it accounts for only 10% of breaches, with 86% of attacks being financially motivated and just 4% caused by Advanced Threats.
2018: 233
2019: 509
2020: 690
Only 2 accounts had MFA and were compromised. One was an APT and the other was user error.
This is an example of a multi-stage attack that we observed.
Ticket 645314 December 18, a user reports a suspicious email that has a link to an “encrypted invoice” from an existing vendor. We review, confirm that it isn’t legitimate and ask them to delete the message.
Ticket 649965 Jan 6th, confirmed user account is compromised. Follow remediation process.
Ticket