Cybersecurity the Future of Non-Profit Rural Organizations: A Pilot Study
Bharat Sharma Penn State University
Dusan Ramljak Penn State University
Jennifer Breese Penn State University
Cybersecurity poses a growing threat to organizations of any size. The cost of cybercrime is predicted to hit $8 trillion in 2023 and is showing a growing trend with projections to hit $10.5 trillion mark by 2025. While major companies have dedicated resources for digital security non-profits often lack these assets and are vulnerable to exploitation. A 2019 ransomware attack on 7 hospitals in Alabama led to major disruption in emergency services . In 2020, the National Urban League was the victim of a ransomware attack that forced it to shut down its IT systems. The attack cost the organization an estimated $1 million . The attacks on non-profits including hospitals, municipalities, and other entities of public service, have strongly demonstrated the need for enhancement of cybersecurity for this sector.
To assess and critically analyze the state of cybersecurity among non-profits in the state of Pennsylvania, this study conducted a non-profit cybersecurity survey focused on the various critical cyber factors that propose risk. 1000 nonprofit organizations in state with different sizes and aim received the survey. Questions centered on organizational traits, technology usage, cyber-attack experiences, contingency procedure, and the assessment protocols. This study evaluated different statistical metrics like population distribution, issue severity and the percentage of the non-profit population affected for each investigated cyber risk factor using descriptive statistical analysis.
Based on participant responses to survey questions metrics were created to evaluate and understand impact of each aspect of cybersecurity parameters. There are also descriptive questions which will be further analyzed using the Natural Language Processing techniques using the following techniques.
1. Stop word Removal: This step removes stop-words like pronouns, and articles from the raw text as they do not hold any significant meaning. In the last 2 years, the stop word list has been updated which now also takes context into account before removing stop words.
2. Tokenization: It is the process of breaking text into tokens or sometimes individual words, tokenization is the most used NLP process. Sentences and Paragraphs are broken down into different chunks while preserving the contextual meaning of the sentence.
3. Word Embeddings: Word Embedding is the process of creating Embeddings (word representation) which preserves the meaning. Using these techniques machines can understand the meaning of the word in different settings as well as in different contexts, same as the human mind does.
4. Bag of Words: After tokenizing the response, Bag of words is created which contains all the topics that are useful for the descriptive analysis. It can be further used to create word cloud to better understand the most common issues and they can be later rank based on their importance.
Below is a sample table of questions derived from the survey and metrics to understand and analyze survey responses. These metrics will help us understand the cybersecurity needs of the non-profits and it can be used later to develop Key Performance Indicators (KPI) for strategic operational improvements.
Table 1 [table to be inserted - submission system would not accept the table]
The results offer fresh perspectives on the state-level cybersecurity requirements for nonprofit organizations. Ultimately, this study intends to assist increased cybersecurity capabilities among Pennsylvanian non-profits by identifying areas that require the most training, resources, and legislative interventions. These identified areas will be brought about through evaluating current gaps using data-driven analysis. These findings will seek to help better understand the weaknesses and gaps in the cyber defense of Pennsylvanian non-profits and be mirror in other states with similar needs and populations. Non-profit cybersecurity emerges as a priority area needing attention based on rising threats, impacts of past attacks, and gaps in current safeguards.
 Heath Sector Cyberattack Report
 National Urban League