UC Berkeley cybersecurity study hopes to improve defenses of nonprofit organizations
Computer security experts say cybercrime is rapidly rising and will cost companies an estimated $24 trillion by 2027.
A new UC Berkeley study aims to help non-profits defend themselves against cyber criminals with the help of local governments. Food banks and other nonprofits often collect sensitive financial information from donors, as well also those community members they serve.
But unlike companies with larger budgets dedicated to information technology and security, nonprofits too often have very little wiggle room to protect themselves.
"They have to go up against professional criminal organizations that are out to try and steal money from them," said Sarah Powazek.
Powazek is a researcher at the Berkeley Center for Long-Term Cybersecurity.
According to Powazek, nonprofits are the second-most-targeted sector by cyber attacks after government agencies. They are also are among the least prepared to defend themselves.
Powazek helped lead a study of 68 local nonprofits to better understand their needs.
"What we're doing is not just creating results, but connecting them to the folks who are actually able to fill those needs," said Powazek.
That's where local governments -- which have better funded cybersecurity teams -- can play a larger role. It's a move that makes sense for cities, which help fund many of the nonprofits providing services to everyday residents and many of the underserved.
Michael Makstman is chief information officer leading the Department of Technology for the City and County of San Francisco.
"Going beyond what a traditional role, traditional mission of protecting the city is, to start protecting our key partners in the city, community based organizations, because that way we really protect San Franciscans," said Makstman.
Many of the surveyed nonprofits are asking for a live helpline to call for free cybersecurity and IT assistance and one-on-one consulting with professionals who could recommend improvements.
Craigslist founder Craig Newmark is a major donor to Berkeley's CLTC.
"Like the Batman would say, I'm probably not the nerd you want, but I'm the nerd you got," said Newmark.
The billionaire is banking on partnerships with cities like San Francisco to improve the cyber resilience of not only nonprofits, but also protecting key infrastructure like water, power, and space from cyber attacks by foreign adversaries.
"We've got to get really serious about what some people call cyber resilience, or else we have a big problem," said Newmark.
The CLTC is also recommending the city host events where nonprofits can network with cyber professionals, secure grant money to recruit cyber talent, and set up internship programs with students to help nonprofits with cybersecurity.
"They need to be thinking about these as extensions of the city's own infrastructure. So we're very glad to see that, and we hope to see more cities across the country start to work more closely with their nonprofits and help them, especially with technology and cybersecurity," said Powazek.
They're teaming up against cyberthieves with trillions on the line. More than half of nonprofits surveyed said they lack full-time IT staff. They most often reported being hit with phishing attacks, followed by business email compromise and credit card or bank account fraud.
Researchers plan to conduct similar studies in other cities.
