Many nonprofits, already challenged by regulatory and funding pressures, lack the economic or human resources to efficiently and economically address issues related to information technology and telecommunications. Of course, these are the very systems on which they must rely (to greater degree every day) to enhance services, automate processes and report program achievements. These issues become even more burdensome if disruption, degradation or unauthorized alteration of information or systems are adversely affected by malicious acts, which are increasing significantly.
- The majority of organizations in almost every business sector have been hacked. The manufacturing, public and professional/financial services sectors were the targets of 27%, 20% and 13% of the attacks, respectively.
- Attacks are targeted. 70-90% of malware is unique; that is, created for a single organization. Flash-based ads are the leading source of malware today. Of the top 10 causes of infections or espionage, the top two are people opening an email attachment and clicking on links in emails. These accounted for over 75% of incidents.
- The costs of physical property loss or business interruptions are considered low by some due to the existence today of numerous outlets from which information may be recovered. However, more devastating are financial losses from stolen intellectual property, trade secrets and public sector information, such as IRS taxpayer records.
- Most computer security breaches could have been stopped if already-existing system protections, such as anti-virus software, were utilized. However, many IT providers and/or end users do not install or update them as they interfere with operating systems. Many employ the “fix it after it breaks” methodology. In addition, not all protection software works adequately against rapidly-evolving attacks. As a result, some industry sources believe that an estimated 47% of all computer users have been compromised. If you are a nonprofit with 20, 50 or 150 computer users, your IT risks and remediation challenges compound at an incredible rate.
- traditional hardware isolation, where the operating system (OS) protects by isolating corrupted files, to
- desktop virtualization, where software isolates OS processes or applications, to
- micro-virtualization, which currently is the only technology that can hardware-isolate all untrusted activity of an application at a granular level. The OS hardware isolates critical system components, data and application tasks using CPU features for desktop virtualization. The OS distributes advanced threat analysis as a protective measure, so even if the system is compromised, key data files cannot be stolen. It enables real-time organization-wide protection that doesn’t interfere with the end-user experience.
It’s critical to be informed about cyber security, which the National Institute of Standards and Technology defines as “the process of protecting information by preventing, detecting, and responding to attacks.” As part of technological security, and regardless of the size or state of your organization’s IT assets, you should consider management of internal and external threats and vulnerabilities to protect information and the supporting infrastructure from cyberattacks. For help assessing your nonprofit’s cyber security risks and preparedness, contact me at [email protected] or 609-689-9700.