AI Cyber Threats: 5 Ways Nonprofits Can Stay Safe

These days, the threat of cyberattacks is very real — lurking across seemingly every corner of the web.

And, unfortunately, not even nonprofit organizations are safe from these potentially devastating attacks. Although artificial intelligence (AI) has revolutionized and improved many industries in recent years, the reality is that it has also been abused to carry out all kinds of cyberattacks.

As a result, today's nonprofits may need to revisit and revamp their own cybersecurity strategies in order to protect their organizations and carry on with their missions.

How AI-Based Cyberattacks Work

Although AI frameworks were designed to prevent abuse or misuse, the unfortunate reality is that some criminals have found creative ways to use AI and even machine learning algorithms to facilitate and even automate attacks.

There are many ways in which AI can be used to facilitate a cyberattack. In some cases, for example, attackers may leverage AI to carry out phishing schemes by using the software to craft realistic messages or even voice/video recordings that users will fall victim to.

In other cases, AI may be used to deploy ransomware automatically, saving hackers time and making it possible to target victims more efficiently.

Why Are Nonprofits Being Targeted, Anyway?

Within the last few years, several nonprofit organizations across the globe have fallen victim to some major cyberattacks that have had a lasting impact on their reputations, causes and overall success.

In 2024, for example, UNICEF was hit by a cyberattack carried out by a self-proclaimed “threat actor 888.” This data breach led to the theft of confidential files from 11 countries, with data including administrative records, names and addresses and other contact information.

Unfortunately, it is likely that nonprofit organizations will continue to be targeted by hackers, threat actors and other criminals for a number of reasons.

First, because nonprofits are focused on carrying out their causes and achieving their missions, they often have much smaller cybersecurity budgets than their for-profit counterparts. This, in turn, can result in more security vulnerabilities that can be exploited.

Meanwhile, because many nonprofits had to digitize their operations as a direct result of the COVID-19 pandemic, this has also contributed (at least in part) to being more susceptible to online attacks.

All of this, combined with knowing that many nonprofit organizations don't have contingency plans in place for an attack, can increase their overall vulnerability in an already dangerous online landscape.

Cybersecurity Defense Strategies for Nonprofits

Even with AI leading to more cyber threats for nonprofits, there are some proactive steps all organizations can take to beef up security and mitigate their chances of falling victim to a devastating attack.

First, organizations should set aside the time and resources to revisit and assess their own cybersecurity practices. While most nonprofits simply cannot afford to have robust cybersecurity measures in place, some common-sense tactics can make all the difference. This includes:

• Ensuring that all computers and devices have firewalls and other basic security software in place.
• Providing employees and volunteers with cybersecurity training, including on recognizing the signs of phishing schemes and other common types of attacks.
• Setting up verification processes, including multifactor authentication on all organizational accounts.

In some cases, organizations may even consider fighting AI-based attacks with more AI. Specifically, AI detection tools can be used to spot fake voice and video messages that are often used in phishing attacks.

Finally, all nonprofits should have plans in place when it comes to how to handle an attack swiftly and responsibly to minimize damage, protect reputations and keep stakeholders informed. This way, even if your organization does fall victim to an attack, everybody will know exactly what to do (and what not to do) in the aftermath.

Time to Revisit Your Organization's Cybersecurity Plans?

Even as AI technology aims to make people's lives easier in a number of ways, it's important to recognize the ways in which it could be used for malicious purposes — especially against nonprofit organizations that may not have robust cybersecurity budgets in place.

Most importantly, nonprofits should set aside some time to assess their own cybersecurity practices and make some common-sense improvements where needed. This should involve providing more training to employees and volunteers, as well as setting up basic firewalls and other cybersecurity measures.

If you're still looking for ways to strengthen security at our nonprofit, you're not alone and you don’t have to figure it out on your own. Our team is here to help with simple, practical steps that make a real difference. Have questions or not sure where to start? Reach out, we’ve got your back.

To learn more about LGT and how we can serve you, contact us here.