The Lack of Education
Data exfiltration is a growing cybersecurity concern. Back in 2017, a blog post on CSO outlined the horrors some parents in small towns were experiencing based on the attacks on their children’s schools. The hackers wanted money. Unfortunately, the schools weren’t paying up. Desperate for a new angle, the hackers reached out to parents. The communication was frightening.
Four years later, and we’re still looking at the same scare tactics. With reports last week of ransomware gangs emailing victims, the tactics haven’t changed. The frequency, however, is increasing without any further cyber safety education.
Yesterday, NBC ran an article about a mother frustrated with the attack that derailed her children’s online schooling at the end of 2020. While the parents in those cases didn’t receive threatening communication, the story is eerily familiar. Hackers hit poorly guarded schools, overstretched IT managers try their best to mitigate, student’s data is released online, the cycle continues.
And the cycle does continue. Schools are an easy target. They’re frequently under protected and over extended. Some of the wealthiest schools in the country look like a gold mine to cybercriminals.
Furthering The Reach
But education isn’t the only place in desperate need of a security overhaul. The medical sector has seen a surge in attacks as well. And data exfiltration is at the center of it all, accounting for 70% of all attacks already in 2021.
Medical is particularly nasty. The rationale is that those files are necessary to human health, and hospitals will pay quickly instead of trying to mitigate their response. That thought process has merit, as ransomware attacks on hospitals have been show to put patients at risk.
Business is also taking a hit. While the moral ramifications don’t include children and sick people, it does involve the livelihood of many Americans. In our current climate of rebuilding the economy after more than a year of lock down, a cyberattack can be a death sentence.
And we know that criminals are targeting the vulnerabilities in business as companies still struggle to find a balance with their remote employees. Collaboration platforms, while necessary to keep working, are easy targets. A lack of education by both employees and administration lead to successful phishing attempts. Security threats are prevalent, and often not being addressed until it’s too late.
It’s All About Prevention
As our guest blogger, retired FBI cybercrime investigator Scott Augenbaum, said, “a majority of Cybercrime incidents could have been prevented.” While he advises the need for more education, we also recommend preventative software. Those are your two most powerful tools against attacks of this nature.
And advocating for widespread education is as necessary as exercising it yourself. It’s been slow to catch on. Most organizations, whether schools, hospitals, or businesses, don’t think it’s necessary until after the fact. A cybersecurity incident isn’t a lesson you want to learn after the fact.
Ransomware is running rampant. It’s up to us to make sure it’s stopped in its tracks. Stay safe out there.