Late last year I posted about PowerSchool's initial breach and the downstream implications for Teachers and Students.
Well folks, here we are.
Months after the initial report, PowerSchool is now acknowledging that individual school districts are being targeted for further extortion by the same criminals that stole the data originally.
"How is that surprising?" you may be tempted to think.
The problem here is simple: PowerSchool paid the original ransom, as disclosed by several sources covering the original breach story.
"Wait, if they paid then why additional problems?" you may again be tempted to ask.
Well, it's almost as if PowerSchool and its clients are dealing with Criminals and you can't trust a criminal....damn.
All jokes aside, this is a tactical disaster. I will make some assumptions and it may indeed make me an ass, but let's go for it anyway. A company typically pays a ransom for the simple reason that they need the data back, because presumably they don't have ALL of their data reliably backed up or efficiently restorable. *Audible Gasp!* So, with the ransom paid, the data is unlocked and you can get back to business as usual. However, you have tipped your hand: with the ransom you have paid, the criminals now have revenue to dedicate to additional targeting, and who might they target? You guessed it, your clients, because they have mountains of juicy data at their fingertips just begging to be leveraged.
Is it unfortunate that you can't trust criminals to follow the rules....yes. Should we as a society stop treating Cyber Security like it's the last thing we are willing to spend a penny on or pay any attention to....YES.
Happy Monday everyone!
#HardentheTarget #StayVigilant #HIPAA #CriticalInfrastructure #CyberSecurity #SecurityAwareness