What’s keeping you up at night? Cybersecurity considerations for NFP leaders
Jan. 18, 2024 · Authored by Laurie Horvath, Joe Shusko
Not-for-profit principal Laurie Horvath sat down with Joe Shusko, Baker Tilly cybersecurity principal, to discuss trends not-for-profit (NFP) organizations are experiencing with cybercrimes and what our clients should be aware of when building their control structure.
Laurie: Joe, you’ve evolved into our clients’ best friend and worst enemy; our clients appreciate you keeping them informed and aware. But you also give them more things to worry about in the cyber realm. What type of cyber activities are you seeing that target NFP organizations?
Joe: We appreciate our role in helping keep Baker Tilly’s NFP clients safe and secure on the Information Technology (IT) front. Cybercrime continues to grow and advance, making it reasonable to estimate that approximately half of all incidents occur at smaller companies and organizations such as not-for-profits. Some of the most common attack strategies we’re seeing are business email compromise, wire fraud and ransomware. Many of these attacks leverage advanced social engineering tactics to give them a sense of authenticity. With advancements in artificial intelligence (AI) technology, these attacks are getting more sophisticated and easier to launch.
Laurie: That’s scary. I remember you mentioning how these ‘cyber bad guys’ are investing in talent and operating with more of a business-like mindset. It seems to be paying off for them.
Joe: You’re right. In years past, cybercrime was more about data theft and disruption, but now it has become a booming black-market business that generates significant income. While it’s difficult to truly measure the size of the problem, recent estimates indicate that cybercrime generated $8 trillion in 2023! For some context, only the U.S. and China have a larger economy than that of these cyber criminals. That level of “earning” has given rise to niche criminal groups who specialize in a particular type of attack and then “sell” their services to other “cyber bad guys.” This has led to a rise in highly talented and organized criminals with the ability to leverage the most advanced technology, significantly reducing the barrier to entry. With the use of advanced AI technology and social engineering techniques, I wouldn’t be surprised to see attacks start to incorporate voice replication and other convincing tactics. Imagine getting a phone call from your executive who is on vacation, asking you to process an urgent wire payment. It is only going to get more difficult to identify fraud going forward.