
Nonprofit organizations (NFPs) are increasingly becoming targets for cybercriminals. With limited budgets and resources primarily focused on fulfilling their missions, these organizations often struggle to implement robust cybersecurity measures.

This vulnerability is further exacerbated by the growing threat of AI-based attacks, which are becoming more sophisticated and prevalent. In this blog post, we will explore the recent cyberattacks on nonprofits, the reasons why these organizations are attractive targets, and the tactics used by cybercriminals, including AI-driven threats.

Recent cyber breaches on nonprofit organizations

Nonprofit organizations have faced several significant cyberattacks in recent years. Some notable incidents include:

  • UNICEF (April 2024) — A significant data breach, attributed to threat actor 888, involving data from 11 countries.
  • Save the Children International (September 2023) — Ransomware gang BianLian stole 6.8TB of data, including HR files, financial records, medical and health data, and personal information. 
  • Doctors Without Borders (January 2022) — A server located in Spain was compromised, and black-market brokers were selling access to the server on the Dark Web. 
  • International Committee of the Red Cross (ICRC) (January 2022) — A sophisticated cyberattack resulted in a data breach involving the personal information of 515,000 vulnerable people, hampering the ICRC's ability to reconnect families following disastrous events.

Many of our small- to mid-size clients struggle with where to start and how to allocate resources to identify cyber vulnerabilities. We’ve developed a cybersecurity assessment for organizations like this, with average price points of $10 – 15k as of 2025, to help our clients get started on the road to enhanced security.
Kelsey Vatsaas, Managing Principal, Nonprofit, CLA

Who are the attackers?

Cybercriminals targeting nonprofits come from various backgrounds, including: 

  • Nation states (APTs) — These attackers are well-funded and resourced, motivated by financial gain, geopolitical causes, economic disruption, and espionage.
  • Organized crime and ransomware gangs — These groups are motivated purely by financial gain, targeting businesses or individuals.
  • Hacktivists — These groups are driven by ideology and social causes, with groups like Anonymous being the most famous examples.
  • Insider threat actors — These are employees who misuse their access to compromise data security out of curiosity, ignorance, revenge, or financial gain.
  • Hackers — Hackers are skilled individuals seeking to increase their visibility and street credibility on the Dark Web by boasting of compromising the networks and systems of well-known companies and organizations.

Why are nonprofit organizations attractive targets?

Nonprofits are considered ideal targets for several reasons:

  • Limited budgets — Most funds are dedicated to fulfilling their mission, leaving little for cybersecurity.
  • Perception of weak cybersecurity controls — Nonprofits often struggle to attract cybersecurity talent and implement robust measures.
  • Large attack surface — The COVID-19 pandemic forced nonprofits to digitize their operations, increasing their vulnerability.
  • Resource diversion — Following an attack — especially ransomware — nonprofits usually can’t afford to divert resources, as doing so would take away from their mission.

Tactics used by cybercriminals

Cybercriminals employ various tactics to exploit nonprofits, including:

  • AI-based tools — Tools like WormGPT and EvilGPT are marketed on the Dark Web and used for malware development, crafting more effective phishing emails, fake content creation, and deepfake creation.
  • Deepfakes — AI-generated images, videos, and audio recordings that appear authentic. Tools like DALL-E 3, Resemble AI, and iSpeech are used to create deepfakes.
  • Smishing attacks — Text messages that convey urgency and consequence, often including a URL link to a payment site, or an urgent request to aid an individual known by the victim.
  • Quishing attacks — Phishing using QR codes to divert users to fraudulent or malicious websites.

Defense strategies

To defend against these threats, nonprofits should consider the following strategies:

  • AI detection tools — Use AI to detect deepfakes and analyze inconsistencies in facial movements, lighting, and other subtleties. 
  • Verification processes — Implement robust verification processes to protect high-profile individuals and confirm the authenticity of communications.
  • Employee training — Conduct regular security awareness training for employees to recognize and respond to cyber threats.
  • Security software — Use security software to detect and block malicious websites and QR codes.

How CLA can help with cybersecurity for nonprofits

By understanding the tactics used by cybercriminals and implementing effective defense strategies, your nonprofit can better safeguard its digital assets and maintain its continued impact in the community.

Our cybersecurity professionals can analyze key aspects of your cybersecurity program and posture and make specific recommendations for your organization.

This blog contains general information and does not constitute the rendering of legal, accounting, investment, tax, or other professional services. Consult with your advisors regarding the applicability of this content to your specific circumstances.