2026 Nonprofit Cybersecurity Incident Report with Matthew Eshleman pt 2 episode artwork

EPISODE · Apr 24, 2026 · 31 MIN

2026 Nonprofit Cybersecurity Incident Report with Matthew Eshleman pt 2

from Community IT Innovators Nonprofit Technology Topics · host Community IT Innovators

In Part 2 of the 2026 Nonprofit Cybersecurity Incident Report, Community IT CTO Matthew Eshleman walks through the real attack examples his team saw hitting nonprofits in 2025: scareware pop-ups, fake invoices, DMCA impersonation notices, HR job scams, and calendar phishing. He also unpacks eight years of incident data and what the numbers actually mean — including a 70% spike in malware activity and a surprising drop in phishing reports that turns out to say more about tools than threat actors.The conversation closes with a practical look at what nonprofits should prioritize in 2026, from phish-resistant MFA to AI governance — because the gap between what your org has authorized and what your staff are already doing is quietly becoming one of your biggest risks.Haven't listened to Part 1 yet? Find it in your podcast feed.This episode covers:A 60% drop in reported phishing messages sounds like good news — but it reflects a tool switch, not a safer threat landscape, and underscores the value of regularly reevaluating your tools and using best of breed protections.Malware and endpoint virus activity surged 70% year over year, with AI enabling less sophisticated actors to launch more targeted attacks.Real attack examples from 2025: fake invoices with convincing ACH details, DMCA legal threats, HR job scams using your organization's identity, and calendar invites engineered to create urgency.New staff, HR contacts, and finance and operations roles are the highest-value targets for social engineering — and your training program should reflect that.Ungoverned AI is a growing data risk. Staff are already using free AI tools, and the downstream exposure is only beginning to show up.A strong cybersecurity foundation in 2026 means IT acceptable use policies, formal security awareness training, phish-resistant MFA, cloud identity monitoring, and consistent patching.Resources Mentioned:Nonprofit AI Governance Tips Webinar — May 27 with Senior Consultant Nuradeen AbokiNonprofit Cybersecurity Playbook — Community IT InnovatorsNonprofit IT Management Community — RedditHow to Use AI Tools Safely at Nonprofits — Community IT WebinarTalk to Matt About Your Cybersecurity Questions — Community IT _______________________________Start a conversation :)Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/email Carolyn at [email protected] LinkedIn on reddit/r/nonprofitITmanagementon the Community IT websiteThanks for listening. 

In Part 2 of the 2026 Nonprofit Cybersecurity Incident Report, Community IT CTO Matthew Eshleman walks through the real attack examples his team saw hitting nonprofits in 2025: scareware pop-ups, fake invoices, DMCA impersonation notices, HR job scams, and calendar phishing. He also unpacks eight years of incident data and what the numbers actually mean — including a 70% spike in malware activity and a surprising drop in phishing reports that turns out to say more about tools than threat acto...

NOW PLAYING

2026 Nonprofit Cybersecurity Incident Report with Matthew Eshleman pt 2

0:00 31:52

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Community IT Innovators Nonprofit Technology Topics?

This episode is 31 minutes long.

When was this Community IT Innovators Nonprofit Technology Topics episode published?

This episode was published on April 24, 2026.

What is this episode about?

In Part 2 of the 2026 Nonprofit Cybersecurity Incident Report, Community IT CTO Matthew Eshleman walks through the real attack examples his team saw hitting nonprofits in 2025: scareware pop-ups, fake invoices, DMCA impersonation notices, HR job...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this Community IT Innovators Nonprofit Technology Topics episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!