April 7, 2021

The CISO Corner

Over the past several weeks I’ve found myself considering, “what is a safety moment?” It didn’t dawn on me until recently, that a “safety moment” is something that relates to me not only in a work capacity, but in my personal life as well. For those of you who do not work in the manufacturing industry, a “safety moment” is a 2-5 minute discussion or presentation on any changes that could affect the safety of the employees at a plant site.  We conduct these “safety” meetings on a daily, if not weekly basis to ensure that the manufacturing plants are able to keep “safety” top of mind for all the employees at any said plant.
I hadn’t realized how close a “safety moment” and cybersecurity could be until a recent incident disclosed in the media has hit close to home. We all read about the steady flow of breaches, but what caught me off kilter was the sheer number of ransomware attacks against our local district's elementary and middles schools. As a parent and a cyber professional, I am afraid of the implications that this can have to me, my kids, and my extended family and friends. This sentiment got me thinking, “how do you qualify these issues and provide a "safety moment” for people who are not so close you?”
For those not in cyber, we are aware that many of the school districts around the world are now being attacked by criminal elements for the purposes of extortion in the form of ransomware attacks.  This is understood by many as a typical encryption of specific files or folders that prevent the usage of the computers or other digital equipment at a specific location. But, and here is the but, ransomware should never be looked at as a first strike against a target.  Think about it, why would an attacker, who already has access to inside a computer network, only conduct a ransomware attack against a target. Most likely the attackers have already stolen all the sensitive information noteworthy of any monetary gain. This is now where we dive into the mindset of a hacker… think about it, a hacker will take any data that can be monetized and tickle a little bit of the juicy info out to see who on the Dark Web would be interested in purchasing the info.  The Dark Web may seem like a scary place, but there are so many reasons that hackers use it: to begin the extortion of company’s and providing the saying “death by1000 cuts” methodology, it also forces insurance companies to start sweating the data being leaked out until the hacker is paid money or all the data is released to other criminal elements for their vile pleasures.

 "But what information is that?” You are probably wondering, it could be employees personal info, the schools financials info, maybe even specific academia related content like research papers at colleges…now think of the darker side of things, as you know this is all sold on the Dark Web.  Some of the more questionable information that could be stolen is, the students personal information, where they live, phone and email info, if they take a bus, who is their next of kin, etc.  Are you getting scared yet? 
Let's take it one step further, now a criminal element has possible information of underage children. And as part of any good ransomware offering, the criminal will put up a sample set of info related to what they stole.  Most likely it will be school related…but the download has vasts amounts of data…and depending on which criminal element is out there, has it available on the Dark Web for download for anyone to peruse and quality.  What if your kids info was in there?  And one of the people on the Dark Web downloading the info is not looking for financial renumeration but something else?  NOW you must be getting worried…
This is where the “safety moment” comes in.  We as security practitioners are always preaching how good security hygiene and awareness is necessary. We tell our friends, family, colleagues, and anyone else who will listen. But how do we really connect with the community and make actual changes? We as leaders, parents, community members should hold our institutions that are meant to provide safety and education to our community to a stricter standard than that of finance and healthcare. Why? Because the damage that the stolen information can bring to community is more egregious than that of paying money to unlock a computer file or two.  

The call to action is this, talk to local law enforcement, the school districts, teachers, local officials and even local judiciary systems and find out how they plan to identify, protect, and detect the stealing of our children’s data and what type of punishments would be unleashed to those who support these types of activities.  The protection of our children, the next generations are at stake. If you’re concerned for yourself or your business, let’s talk offline. Lots of us are feeling this way but haven’t had the lightbulb moment yet…