(Source: Cybersecurity Ventures, 2022) Cybersecurity Ventures report that the cybersecurity landscape is becoming increasingly complex due to the rise of new technologies and the growing sophistication of cyber threats. Credential phishing and malware attacks are becoming more prevalent, posing significant risks to organizations, especially non-profit organizations. The reasons behind this surge in malicious activities can be attributed to several factors. Firstly, the increasing reliance on technology and digital platforms has created a treasure trove of opportunities for cybercriminals to exploit. With the rise of cloud computing, artificial intelligence, and the Internet of Things (IoT), there are more points of entry for attackers to gain access to sensitive information. (Source: Cybersecurity Ventures, 2022) Furthermore, the lack of cybersecurity awareness and education among the general public has contributed to the rise in credential phishing and malware attacks. Many individuals are not aware of the dangers of phishing emails, which can lead to them divulging sensitive information, such as login credentials, to malicious actors. This lack of awareness can be attributed to the increasing reliance on technology and the rapid pace of digital change, which can make it difficult for individuals to keep up with the latest security best practices. (Source: Cybersecurity Ventures, 2022) Additionally, the growing sophistication of cyber threats has made it increasingly difficult for organizations to defend against them. Cybercriminals are now using more sophisticated techniques, such as social engineering and advanced persistent threats (APTs), to gain access to sensitive information. These techniques are often difficult to detect and can result in significant financial losses for organizations. (Source: Cybersecurity Ventures, 2022) Non-profit organizations are particularly susceptible to these types of attacks due to their reliance on volunteers and external partners.

Ascension’s attack was particularly noteworthy because of its scale and the fact that it occurred just as the organization was transitioning to a new IT system. The attack began with a phishing email that tricked employees into installing malware on their devices. Once the malware was installed, it spread to other systems and networks, compromising multiple Ascension facilities across the country. The attackers gained access to sensitive patient information, including medical records and personal identifiable information. Ascension has stated that the attackers stole over 38,000 patient records, which is a significant breach. The attack highlights the importance of robust cybersecurity measures for nonprofits. Many nonprofits lack the technical expertise and resources to implement and maintain robust security measures. This lack of expertise can lead to vulnerabilities in their systems, making them more susceptible to attacks like the one that targeted Ascension. The attack also underscores the need for nonprofits to have robust incident response plans in place. An incident response plan outlines the steps an organization should take in the event of a security breach. A well-developed plan can help minimize the impact of a breach and reduce the risk of further attacks. Ascension’s attack demonstrates the importance of having such a plan in place, as the organization was able to limit the spread of the malware and contain the breach. The attack also highlights the importance of employee training and awareness. Many nonprofits have employees who are not technically savvy, and these employees can be vulnerable to phishing attacks. Employee training programs can help educate employees on how to identify and avoid phishing attacks, as well as how to report suspicious activity. In addition, the attack highlights the importance of regular security audits and vulnerability assessments. Regular security audits can help identify vulnerabilities in an organization’s systems and networks, allowing for proactive measures to be taken to address these vulnerabilities.

Protecting donor data, securing financial transactions and maintaining public trust are critical for nonprofits to continue their work without disruption.