Data Science and Engineering Analytics Technical Section

 View Only

  • 1.  Non Profits like SPE should conduct comprehensive cyber risk assesments

    Posted 01-21-2025 12:12 PM

    Nonprofit organizations like SPE face significant risks due to limited IT resources, making them vulnerable to cyber threats and system failures. As digital reliance grows, it's crucial for nonprofits to prioritize IT risk assessments to avoid financial loss, reputational damage, legal issues, and service disruptions

    Some of cyber beaches for  non profits could be

    1. Data Breaches: Cybercriminals target sensitive donor information, beneficiary records, and financial data, leading to loss of trust and financial penalties.
    2. Service Disruption: Cyberattacks or system failures can cause downtime, severely impacting nonprofit operations and service delivery
    3. Regulatory Non-Compliance: Non-compliance with GDPR, HIPAA, or PCI-DSS can result in fines and legal challenges
    4. Reputational Damage: Security incidents can erode donor confidence and public support
    5. Financial Strain: Recovery from cyberattacks involves direct costs (ransomware payments, legal fees, system restoration) and indirect costs (lost donations, operational delays)

    These threats highlight the importance of proactive IT risk assessment for nonprofit sustainability and growth

    What are your thoughts about it?



    ------------------------------
    Hitesh Mohan
    ------------------------------


  • 2.  RE: Non Profits like SPE should conduct comprehensive cyber risk assesments

    Posted 01-22-2025 06:15 AM

    Hello Hitesh

    Cybersecurity is not new to SPE. We ran our first penetration tests in 2014, and we have been regularly updating our security policy and tools. However, as many nonprofit organizations, there is no contractual constraints by 'clients' to be cybersecurity compliant, because we have members, not clients. 

    But we have followed the same reasoning as what you presented and have decided this month to run a formal cybersecurity risk assessment in Q2 and Q3 2025, with possible remedial actions (if needed) in the following fiscal year unless we detect any critical weakness.

    So again we are protected but we will move one step further in the following year.

    Best regards

    Olivier Houzé

    2025 SPE President




  • 3.  RE: Non Profits like SPE should conduct comprehensive cyber risk assesments

    Posted 01-22-2025 08:56 AM
    Dear Hitesh,

    Cybersecurity should be a very serious concern for every corporation including non profit organisations. While I understand that many smaller non profit organisation are challenged with their budget and may decide to take some risks with Cybersecurity, I do not have any reason to believe that the SPE has chosen a risky road and not applied the best in class protection to the SPE digital assets.

    The discussion is certainly valid but I wonder if you have any reason to believe that SPE is less protected than it should be with respect to cybersecurity?

    Cheers,

    Philippe Herve




  • 4.  RE: Non Profits like SPE should conduct comprehensive cyber risk assesments

    Posted 09-03-2025 08:28 AM

    Cybersecurity is an ongoing challenge .. every company i have talked to they have said we have it covered yet they got breached. 

    Oil and Gas in critical Infrstructure. when ever you are storing PII information of people you should be more careful. AI can be used as a potential weapon now a days on our systems 



    ------------------------------
    HiteshMohan
    ------------------------------

    Original Message