Computer security experts say cybercrime is growing rapidly and will cost companies an estimated $24 trillion by 2027.
A new study from UC Berkeley aims to help nonprofits defend themselves against cybercriminals with the help of local governments. Food banks and other nonprofits often collect sensitive financial information from donors, as well as from the community members they serve.
But unlike companies with larger budgets for information technology and security, nonprofits too often have little leeway to protect themselves.
“They have to face professional criminal organizations that want to steal money from them,” says Sarah Powazek.
Powazek is a researcher at the Berkeley Center for Long-Term Cybersecurity.
According to Powazek, after government agencies, nonprofits are the sector most targeted by cyber attacks. They are also among the least willing to defend themselves.
Powazek helped lead a survey of 68 local nonprofits to better understand their needs.
“What we do is not just create results, but also connect them to the people who are actually able to meet those needs,” Powazek said.
That’s where local governments – which have better-funded cybersecurity teams – can play a bigger role. It’s a move that makes sense for cities, which help fund many of the nonprofits that provide services to ordinary residents and many of the less fortunate.
Michael Makstman is Chief Information Officer and leads the Department of Technology for the City and County of San Francisco.
“We’re going beyond what is a traditional role and traditional mission of protecting the city, to start protecting our key partners in the city, community organizations, because that’s how we really protect San Franciscans,” Makstman said .
Many of the nonprofits surveyed are asking for a live helpline for free cybersecurity and IT support and for one-on-one advice from professionals who can recommend improvements.
Craigslist founder Craig Newmark is a major donor to Berkeley’s CLTC.
“As the Batman would say, I’m probably not the nerd you want, but I’m the nerd you got,” Newmark said.
The billionaire is counting on partnerships with cities like San Francisco to improve the cyber resilience of not only nonprofits, but also to protect key infrastructure such as water, energy and space from cyber attacks by foreign adversaries.
“We have to get very serious about what some people call cyber resilience or we’re going to have a big problem,” Newmark said.
The CLTC also recommends that the city host events where nonprofits can network with cyber professionals, secure grant money to recruit cyber talent, and create internship programs with students to help nonprofits with cybersecurity.
“They should view these as extensions of the city’s own infrastructure. So we’re very happy to see that, and we hope that more cities across the country will work more closely with their nonprofits and help them, especially with technology and cybersecurity,” Powazek said.
They work together against cyber thieves with trillions at stake. More than half of nonprofits surveyed say they are short of full-time IT staff. They reported being most affected by phishing attacks, followed by business email compromise and credit card or bank account fraud.
Researchers plan to conduct similar studies in other cities.
Kenny Choi
