Honor among thieves

Hackers are well known for attacking large corporations and financial institutions, but what about small business?  Charities?  Non-profit organizations?  Certainly those get left alone, right?


While small businesses, non-profit and charity organizations are traditionally thought to be less likely to be hacked for financial gain, recent events have proven this to be untrue.  Such organizations are becoming targets due to the utilization of volunteers, use of low cost or no cost software and out of date systems.   In February 2015, the National Center for Charitable Statistics was hacked. The organization that uses its base of 990s to analyze trends in the nonprofit sector lost 740,000 records including usernames, passwords, IP addresses and other account data.  The Red Barn, a small Alabama nonprofit offering equine therapy and recreational activities for disabled children and veterans, was hacked in April 2015 by an ISIS sympathizer. For days, the website displayed an ISIS flag and pro-Islamic State message.  In the UK a suicide prevention charity (CALM) was hacked in July of 2015, losing sensitive PII information for both clients and benefactors. April of 2016 NCT, a parenting charity, was hacked and thousands of user records were stolen.  In early 2017 a children's cancer charity was hacked, sending emails filled with graphic diatribe out to parents who lost their children to cancer.  In February of 2017 a Canadian charity which raises money for medical costs was hacked, with the list of contributors emails stolen and used in a phishing scheme.

In a 2016 report, Symantec estimated that  43% of hacking attacks targeted small business (https://www.symantec.com/security-center/threat-report).  The U.S’ National Cyber Security Alliance reported that 60% of small companies close within six months of a cyber attack. The Ponemon Institute reports that the average cost for small businesses to clean up after a hack stands at $690,000.  For middle market companies, it’s over $1 million.

Hackers have found that security practices are more relaxed among these targets and exploit the perceived weakness.  Don't let your organization become one of these statistics, contact Quandary Tech Solutions today and find out how we can help.