Training the Nonprofit Workforce – Avoid Falling Victim to Phishing!

By Tim Bloechl

Director, Cyber Security, CyberDx

Ask any security professional what the biggest security threat to the network is, and the likely answer is phishing, which targets them and their own fellow employees. Despite this consensus, many organizations accept that their personnel may cause a malware outbreak and focus their budget on other defensive techniques rather than on prevention through employee training. Untrained employees can cost a nonprofit corporation or foundation substantially more money in the long run.

The news is full of horror stories describing phishing attacks, which trick users into providing sensitive data, executing malware, or causing data loss that severely impacts operations. A troubling trend is phishing attacks that distribute ransomware and encrypt user hard drives and data stores, preventing organizations from accessing their information. Last year, there were over 350,000 reported ransomware cases. In many cases these ransomware attacks can target data backups, as well as cloud-based drives. Recently, there have been several incidents where ransomware infected hospital networks, caused the loss of patient data access, and even forced administrators to relocate patients and resort to paper-based records. Law enforcement agencies are not immune to such attacks either: several police departments have been forced to pay the ransom or risk losing access to case files and other sensitive investigation information.

Unfortunately, phishing attack volume is projected to increase in 2016 as access to malware increases. Several criminal, yet highly technical, groups have released toolkits that generate malicious code automatically and give unskilled attackers the ability to distribute and insert malware they could not have developed on their own. These types of attacks can cost tens of thousands of dollars in lost employee productivity, malware containment, and network remediation efforts. The Ponemon Institute estimates a phishing attack can cost a large business (10,000 users and up) over $3.5 million a year.

Learn more about how to train your workforce to defeat these cyber threats by visiting the CyberDx booth, attending our “Defend Yourself Against the Growing Cyber Threat” session at 2:05 PM on November 17th in the Pavilion, and participating in our panel discussion “The Charitable Sector – Under Cyber-attack?” at 8:30 AM on November 18th, featuring Phil Reitinger, the former Chief Information Security Officer for Sony Corporation, who was hired to fix their $100M+ mess after the Sony 2011 data breach, and Melissa Hathaway, who authored President Obama’s cyber security strategy.