Expert Commentary: Schools Forced To Postpone After Ransomware Attacks

By   ISBuzz Team
Writer , Information Security Buzz | Sep 09, 2020 02:38 am PST

Officials from the city of Hartford, Connecticut, were forced to postpone the first day of the new school calendar year after a ransomware infection impacted the city’s IT network. According to a statement published by Hartford Public Schools, the school district serving the city of Hartford, the ransomware attack impacted several of the school’s internal IT systems, causing a prolonged outage.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Nir Gaist
Nir Gaist , Founder and CTO
September 9, 2020 8:49 pm

As the \”ransomware business\” proves to be lucrative (from the attacker\’s standpoint), it continues to evolve both technologically and operationally. The average ransom demand climbed over 1100% in the last two years – from $10k to over $110k. While traditional and next-gen security controls will somewhat help against common attacks, they are practically ineffective against a constantly evolving threat. When it comes to ransomware – an actively, rapidly evolving threat – organizations, including schools, must adopt a new, more proactive way of thinking. Defense-in-depth must be implemented, where each layer truly adds a different approach to the organization\’s security posture.

Last edited 3 years ago by Nir Gaist
Mark Bagley
Mark Bagley , VP, Product Management
September 9, 2020 10:53 am

Educational institutions around the world are making the shift to virtual learning. Unfortunately, this now makes our schools and universities top targets for ransomware attacks, as witnessed by multiple incidents — most recently occurring to Hartford Public Schools.

A more proactive and threat-informed approach to security strategy for education is important to ensure they are not the next victims. Understanding common adversary tactics, techniques, and procedures as outlined by the MITRE ATT&CK framework allows organizations to build more resilient security programs. Additionally, organizations should use automated solutions that continuously evaluate the state of their defenses to support continuous improvement.

Last edited 3 years ago by Mark Bagley

Recent Posts

Would love your thoughts, please comment.x