IT enterprises have more types of cybersecurity tools at their disposal today than ever before, and it’s increasingly difficult to determine which of these tools are truly needed for any particular environment.
Monetizing the budget value of individual security expenditures is incredibly challenging for IT security teams, so it may not be feasible to make purchasing decisions on that basis. Rather, nonprofits need to assess where their security weaknesses are and identify the tools that can best mitigate these weak links while adhering to budget constraints.
Nonprofits have tended to lag behind other organizations in terms of security tool adoption because of limited funding and, often, a generally trusting, open-minded culture. Often they do not monitor and restrict what employees and volunteers do. Unfortunately, this exposes nonprofits to many more threats and can ultimately result in major data breaches that compromise sensitive information and lead to financial loss and embarrassment. Threats continue to intensify, so nonprofits should assess their existing security systems and identify instances where they might consider replacing those resources or adding new tools.
Based on today’s threats and security tools, most nonprofits will find the greatest benefit from focusing on four core security areas: web security, advanced persistent threat detection, security resource consolidation and virtual environment security.
The Current Threat Landscape
Cybercriminals are increasingly focused on specific segments. Attackers are looking for the sensitive data that will financially benefit them the most. Nonprofits may have various types of sensitive information on their systems, including personal information and credit card numbers for donors, and sensitive information on nonprofit beneficiaries. This information could lead to significant financial gain for attackers. Major breaches against large banks, retailers and other companies are filling the headlines, and nonprofits are certainly being breached as well.
Security professionals at nonprofits may not be aware of the increasing volume and sophistication of attacks. Symantec’s 2015 Internet Security Threat Report has some startling statistics. For example, in 2014, attackers released more than 300 million new variants of malware. Older security tools simply cannot detect these new attacks effectively.
It’s not surprising to hear that targeted attacks are on the rise, but many of these attacks are now targeting small and midsize organizations. No enterprise is safe from today’s threats, and losses continue to increase. According to the 2015 Cost of Data Breach Study by the Ponemon Institute, the average consolidated total cost of a data breach is up to $3.8 million.
To counter today’s threats, nonprofits need to increase and accelerate their efforts to protect their data and systems. This can be particularly challenging for nonprofits compared with other organizations because of the limited funding typically available for their security. However, by focusing on the acquisition of bundled solutions (many security tools integrated into a single product) and by ensuring that any new solutions are easy to maintain and monitor, a nonprofit can improve its security without overspending.
For more information on security solutions, read the white paper “Cybersecurity for Nonprofits.”