On Thursday, Microsoft introduced a new suite of tools designed to protect nonprofits from threats such as cyberattacks from nation-states. The company noted the increased number of threats against nonprofit foundations globally.
The Microsoft Security Program for Nonprofits is a series of tools and programs designed to help organizations secure their critical assets. The program includes free security assessments, free access to the AccountGuard security program, and training for IT administrators and users.
Microsoft’s goal is to sign up 10,000 nonprofit organizations by the end of 2022 and 50,000 organizations over the next three years.
The company has decided to create the program because nonprofits have become the second most targeted industry by nation-state attacks. Microsoft says that NGOs received a big chunk of its threat notifications from 2018 to 2021.
“31% of all nation-state notifications that we send out to organizations go to nonprofits. These are organizations that are human rights organizations, think-tanks, organizations with sensitive information that nation-states want to get their hands on,” Justin Spelhaug, vice president of Microsoft Tech for Social Impact, said.
“Cybersecurity threats are on the rise and most nonprofit organizations do not have the same advanced network security protocols or resources or security models that a well-funded private corporation might have. 70% of nonprofit organizations haven’t conducted a vulnerability assessment, 80%, based on our research, don’t have a cybersecurity strategy in place. And that just makes cybersecurity threats more of a reality each and every day. The attacks are becoming more sophisticated.”
The program is also expected to help organizations that need to comply with cybersecurity insurance rules and assist in finding security their gaps.
“Most nonprofit organizations do not have large IT teams. They do not have in-depth security specialists and they do not have consulting firms guiding their every action to protect their data and they often are federated, meaning they have disparate IT systems and different environments under the same organization,” Spelhaug said.