Yesterday, Iowa’s largest school district, Des Moines Public Schools, confirmed in a statement that on January 9th of this year, a ransomware attack had forced it to take all networked systems offline, cancel several days of classes impacting more than 35,000 students and staff, and resulted in a data breach affecting 6,700 individuals.
“The cyberattack against DMPS included a ransom demand. No ransom has been or will be paid in response to this attack based on the advice of our cybersecurity experts and what is in the best interest of the school district and community,” Des Moines Public Schools said.
This is the third Iowa district to have been hit by a ransomware attack in the last year. Emsisoft threat analyst Brett Callow recently said this on Twitter:
Stephen Gates, Principal Security SME, Horizon3.ai had this to say:
“Waiting for over 5 months to notify individuals that their data might have been exposed will not win you a “rapid response contest” anytime soon. We as an industry must do better in alerting those potentially impacted so they can take some sort of defensive action sooner rather than later.
“School systems are often easy pickings for attackers. Their IT staff, who are usually responsible for security, tend to be overworked and underpaid, and the security technologies at their fingertips are not always the best or the latest. I suggest a different approach that allows schools systems of any size to affordably find, fix, and verify truly exploitable vulnerabilities using autonomous, repetitive, penetration tests that expose the greatest risks so they can be immediately remediated with guidance anyone could follow. Maybe it’s time to rethink the way we’re securing our greatest assets – our nation’s children and their families.”
While I get that the education sector doesn’t have the resources to fight this sort of thing, never mind notify people quickly, I have to ask if they can do better. Because they will continue to be targets until they actually do better.
Like this:
Like Loading...
Related
This entry was posted on June 20, 2023 at 2:59 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Iowa’s Largest School District Was Pwned In A Ransomware Attack
Yesterday, Iowa’s largest school district, Des Moines Public Schools, confirmed in a statement that on January 9th of this year, a ransomware attack had forced it to take all networked systems offline, cancel several days of classes impacting more than 35,000 students and staff, and resulted in a data breach affecting 6,700 individuals.
“The cyberattack against DMPS included a ransom demand. No ransom has been or will be paid in response to this attack based on the advice of our cybersecurity experts and what is in the best interest of the school district and community,” Des Moines Public Schools said.
This is the third Iowa district to have been hit by a ransomware attack in the last year. Emsisoft threat analyst Brett Callow recently said this on Twitter:
Stephen Gates, Principal Security SME, Horizon3.ai had this to say:
“Waiting for over 5 months to notify individuals that their data might have been exposed will not win you a “rapid response contest” anytime soon. We as an industry must do better in alerting those potentially impacted so they can take some sort of defensive action sooner rather than later.
“School systems are often easy pickings for attackers. Their IT staff, who are usually responsible for security, tend to be overworked and underpaid, and the security technologies at their fingertips are not always the best or the latest. I suggest a different approach that allows schools systems of any size to affordably find, fix, and verify truly exploitable vulnerabilities using autonomous, repetitive, penetration tests that expose the greatest risks so they can be immediately remediated with guidance anyone could follow. Maybe it’s time to rethink the way we’re securing our greatest assets – our nation’s children and their families.”
While I get that the education sector doesn’t have the resources to fight this sort of thing, never mind notify people quickly, I have to ask if they can do better. Because they will continue to be targets until they actually do better.
Share this:
Like this:
Related
This entry was posted on June 20, 2023 at 2:59 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.