Following the news that the SEC has fined UK education publishing company, Pearson, $1 million downplaying the severity of a 2018 cyber-attack, please see comment below from Industry experts.
<p>The $1 million settlement agreed between Pearson and the SEC comes as the education sector faces increasing hostility from malicious actors. The NCSC warned in June that schools, colleges, universities and other education organisations should prepare for an increase in ransomware attacks in the coming months.</p>
<p>As the threat landscape evolves and while education remains firmly in the crosshairs, it is more important than ever to maintain an open dialogue. Only through collaboration and transparency can cyber researchers and technologists begin to turn the tide against cybercriminals intent on wreaking havoc in the sector.</p>
<p>As Pearson has learned, failure to properly disclose a breach can also be far more damaging to an organisation’s reputation and can incur severe legal penalties, particularly when customer data is involved. Breach disclosure processes should form part of an organisation’s blended approach to cybersecurity, layering a combination of people, process and enabling technologies to reduce the risk, minimise the impact of a breach should one occur, and demonstrate diligence and best practice to both customers and governing bodies.</p>
<p>The $1 million settlement agreed between Pearson and the SEC comes as the education sector faces increasing hostility from malicious actors. The NCSC warned in June that schools, colleges, universities and other education organisations should prepare for an increase in ransomware attacks in the coming months.</p>
<p>As the threat landscape evolves and while education remains firmly in the crosshairs, it is more important than ever to maintain an open dialogue. Only through collaboration and transparency can cyber researchers and technologists begin to turn the tide against cybercriminals intent on wreaking havoc in the sector.</p>
<p>As Pearson has learned, failure to properly disclose a breach can also be far more damaging to an organisation’s reputation and can incur severe legal penalties, particularly when customer data is involved. Breach disclosure processes should form part of an organisation’s blended approach to cybersecurity, layering a combination of people, process and enabling technologies to reduce the risk, minimise the impact of a breach should one occur, and demonstrate diligence and best practice to both customers and governing bodies.</p>