US school year opens with reading, writing, and ransomware The Vice Society threat group is ramping up ransomware attacks on US school districts just as students around the country return to the classroom, the FBI and other federal agencies are warning. The FBI, Cybersecurity and Infrastructure Agency (CISA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) said in a …
Everywhere needs to install and configure firewalls, maybe one configured to allow data through it for "users" but the firewall for the internal email support and access needs to be configured to block everything except the ports they actually must have to use and the internal network must be isolated from everyone's internet access network.
This is just another incident which underlines how administrators and technicians have thrown away their fallback technologies and methods after they've built systems based on, and dependent upon, always-working, networked-to-everything computers.
When I was in college, there were many non-computers-networked-to-the-entire-world ways of doing things. We had scheduled local-cable TV broadcasts of videotaped lectures, photocopies of professors' overhead-projector sheets (these days, called "slide decks"), mark-sense test sheets (fill in the correct circle with a #2 pencil), "announcement" messages on some phone lines, etc. The campus didn't screech to a halt if email wasn't working, because we had the postal service and land-line telephones. If the electricity failed, guess what? The buildings had large windows to let in daylight, some of us had manual typewriters, the school had some mechanical mimeograph machines, some of us had slide-rules, and we had trigonometry- and logarithm tables in books. It was slow and aggravating to do things using some of those methods, but we did have them as fallbacks.
Our local convenience store had no power one day due to an auto accident (power pole damage). Their PC-based point-of-sale system was useless. They were still open for business, though, using a battery-powered adding machine to print sales slips. They were able to do this because they had labelled the packages with the prices. A major retail-chain store just up the road simply closed for the day, because without the abiity to read bar codes on packages, and to access the price database in their store computers, they couldn't do business. (Why no battery backups for the major store's POS systems and back-end computers?! Good question!)
Business continuity. That's an actual thing.
If it's anything like in the UK, it's an education-sector IT funding issue. UK funding for IT positions in educational institutions is woeful and seems stuck seeking a maximum of mid-level roles at around 60-70% of going market value. As such, I see a never ending spiral of under-investment which in turn flushes the quality of support and is yet another challenge through which our never-endingly stretched teaching staff have to battle. My own experience shows of two schools impacted in first-day shenanigans and continuous lost OneDrive, license issues and broken configs this new school year already. There's a problem with valuation of technical functions in education and I'd wager it's similar in the US also.
to be fair though, education licensing is cheap. Even with no money you can have free office 365 with petabytes of storage plus google classroom and free veeam community editiin backing up to immutable storage.
pfsense with snort and pfblocker is free.
Ive worked for schools with no money and it is possible to keep a secure environment.
Here's the fundamental issue... if the organisation isn't hit by malware or suffer some other IT disaster, it makes security and business continuity look like a waste of time and money to folks outside of the industry. The mere fact that these things didn't happen because of the time and money spent on guarding against them is completely ignored. Even to this day people think that the Y2K issue wasn't worth worrying about because nothing actually happened. The years spent mitigating, testing and patching were what prevented anything happening but the vast majority of people out there still think it wasn't worth doing because it obviously wasn't such a big issue anyway. Malware is even less visible than the Y2K bug was.
You're right, but in MNSHO, here's the fundamental issue: the people setting the spending priorities act stupid and illogical.
The school didn't burn down last year. Do the decision-makers then cancel their fire insurance because the money was "wasted"? No, they don't, because "risk" is the probability of a bad thing happening multiplied by the negative consequences if that bad thing did happen.
"Risk" in IT ought be calculated the same way.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
