Cybertraps Podcast

Ransomware is a growing problem for organizations, including schools What is it? How does it happen? Why does it happen? $$$ – $7bn in 2021 Who’s doing it? We are all on the front lines now Problems for Schools Down time for school personnel, distraction from mission Inability to access data; closure of schools Loss of data, identity theft, invasions of privacy Reputational damage Financial loss Technical and legal fees Ransomware payment How Can Schools Protect Themselves Have air-gapped backups Conduct routine cybersecurity audits and threat analysis Training and education for all members of the school community The greater the access, the more training is needed Particular focus on phishing (leading attack vector) and other intrusion methods Competent and thorough IT department Patch, patch, patch Limit ability to install new programs without thorough testing Collaboration with law enforcement Take advantage of increased funds for cybersecurity Bipartisan Infrastructure Law American Rescue Plan Act Increased interest in cybersecurity offers great opportunities for education and job training How Much Should Schools Share with the Public? Organizations often face a temptation to not report cybersecurity breaches Have a thorough response plan in place; review and update on a regular basis Consult with law enforcement to avoid interfering with investigation Communicate quickly and thoroughly with parents if (when) a cyberattack occurs Increased transparency helps define the scope of the problem and risk factors for others Resources - #2022–03–28 Funding Is Flowing for Cybersecurity Efforts in Every Government Jurisdiction https://www.cpomagazine.com/cyber-security/funding-is-flowing-for-cybersecurity-efforts-in-every-government-jurisdiction/ - #2022–03–27 LI schools hit with 29 ransomware attacks, hacks, other cyber incidents in past 3 years https://www.newsday.com/long-island/education/ransomware-cyberattack-virus-school-computer-networks-p5wjjhed - #2022–03–24 Officials are still in the dark on ransomware https://www.washingtonpost.com/politics/2022/03/24/officials-are-still-dark-ransomware/ - #2022–03–24 Why school districts need to be more transparent on cyber https://statescoop.com/podcast/why-school-districts-need-to-be-more-transparent-on-cyber/ - #2022–03–23 Cybercriminals made $7bn in pure profit in 2021, says FBI https://www.theregister.com/2022/03/23/cybercriminals_made_7bn_2021/ - #2022–03–23 FBI, CISA advise 13,000 orgs to have ‘low threshold’ for reporting cyberattacks https://therecord.media/fbi-cisa-advise–13000-orgs-to-have-low-threshold-for-reporting-cyberattacks/ - #2022–03–22 Add a New Dimension to Ransomware Defenses in Education https://campuslifesecurity.com/articles/2022/03/22/add-a-new-dimension-to-ransomware-defenses-in-education.aspx?m=1 - #2022–03–16 APS says no data compromised during January’s cyberattack https://www.abqjournal.com/2480114/aps-said-no-data-compromised-in-cyber-attack.html - #2022–03–15 Cyber Notification Bill Critical, But Won’t Stop Bad Actors Entirely, Says Senator https://broadbandbreakfast.com/2022/03/cyber-notification-bill-critical-but-wont-stop-bad-actors-entirely-says-senator/ - #2002–03–11 Superintendent speaks out about cyber security incident at Altoona Area School District https://wjactv.com/news/local/superintendent-speaks-out-about-cyber-security-incident-at-altoona-area-school-district - #2022–03–10 MA Offers Free Cybersecurity Training to Schools, Cities https://www.govtech.com/education/k–12/ma-offers-free-cybersecurity-training-to-schools-cities - #2022–03–07 Greensville County School board orders technology audit after cyber-attack https://www.emporiaindependentmessenger.com/news/article_e50d935e–9ccc–11ec–8051–2382b6a94403.html - #2022–03–07 Valley Educators Prepare Students For Cybersecurity Workforce https://businessjournaldaily.com/educators-prepare-students-for-cybersecurity-workforce/