EPISODE · Apr 24, 2026 · 31 MIN
2026 Nonprofit Cybersecurity Incident Report with Matthew Eshleman pt 2
from Community IT Innovators Nonprofit Technology Topics · host Community IT Innovators
In Part 2 of the 2026 Nonprofit Cybersecurity Incident Report, Community IT CTO Matthew Eshleman walks through the real attack examples his team saw hitting nonprofits in 2025: scareware pop-ups, fake invoices, DMCA impersonation notices, HR job scams, and calendar phishing. He also unpacks eight years of incident data and what the numbers actually mean — including a 70% spike in malware activity and a surprising drop in phishing reports that turns out to say more about tools than threat actors.The conversation closes with a practical look at what nonprofits should prioritize in 2026, from phish-resistant MFA to AI governance — because the gap between what your org has authorized and what your staff are already doing is quietly becoming one of your biggest risks.Haven't listened to Part 1 yet? Find it in your podcast feed.This episode covers:A 60% drop in reported phishing messages sounds like good news — but it reflects a tool switch, not a safer threat landscape, and underscores the value of regularly reevaluating your tools and using best of breed protections.Malware and endpoint virus activity surged 70% year over year, with AI enabling less sophisticated actors to launch more targeted attacks.Real attack examples from 2025: fake invoices with convincing ACH details, DMCA legal threats, HR job scams using your organization's identity, and calendar invites engineered to create urgency.New staff, HR contacts, and finance and operations roles are the highest-value targets for social engineering — and your training program should reflect that.Ungoverned AI is a growing data risk. Staff are already using free AI tools, and the downstream exposure is only beginning to show up.A strong cybersecurity foundation in 2026 means IT acceptable use policies, formal security awareness training, phish-resistant MFA, cloud identity monitoring, and consistent patching.Resources Mentioned:Nonprofit AI Governance Tips Webinar — May 27 with Senior Consultant Nuradeen AbokiNonprofit Cybersecurity Playbook — Community IT InnovatorsNonprofit IT Management Community — RedditHow to Use AI Tools Safely at Nonprofits — Community IT WebinarTalk to Matt About Your Cybersecurity Questions — Community IT _______________________________Start a conversation :)Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/email Carolyn at [email protected] LinkedIn on reddit/r/nonprofitITmanagementon the Community IT websiteThanks for listening.
What this episode covers
In Part 2 of the 2026 Nonprofit Cybersecurity Incident Report, Community IT CTO Matthew Eshleman walks through the real attack examples his team saw hitting nonprofits in 2025: scareware pop-ups, fake invoices, DMCA impersonation notices, HR job scams, and calendar phishing. He also unpacks eight years of incident data and what the numbers actually mean — including a 70% spike in malware activity and a surprising drop in phishing reports that turns out to say more about tools than threat acto...
NOW PLAYING
2026 Nonprofit Cybersecurity Incident Report with Matthew Eshleman pt 2
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.