In November of 2020, the Baltimore County Public School system was shut down for several days due to a ransomware attack. The closure affected all students and staff,and put questions into everyone’s minds about the security of the BCPS network and subsequently their own. While the investigation is still ongoing, there is plenty that we can learn from the incident.
WHAT HAPPENED?
On November 25th , 2020 BCPS reported that they would be shutting down their network and running scans on all systems due to a ransomware attack. The outage remained in effect for several days with administrators informing students and parents not to turn on school–issued laptops until further notice. This remained in effect until Wednesday Dec 2nd.
WAS AFFECTED and WHAT DO WE KNOW?
With over 115,000 pupils and 18,000 employees in the district, this attack was one of the largest recorded at that time targeting a school district. Luckily the investigation thus far has reported the attack appeared to be only a denial-of-service attack affecting access to the network and data, and no data was stolen.
As of March of 2021, we still do not have much in terms of who the perpetrators are and there is a good chance we may never know that. More importantly than learning the WHO is to learn the HOW. How were the criminals able to gain access in the first place? As details emerge, investigators have confirmed that the network was not properly configured nor secured, leaving multiple vulnerabilities and access points. In addition, it appears that the BCPS was warned about these vulnerabilities on several occasions even as far back as 2015.
WHAT CAN WE LEARN?
First, no industry is safe from attack. As we have seen time and time again cyber criminals will let no crisis go to waste and will attack anyone’s data regardless of who the data belongs to. To a criminal, all data is profitable. Just because it may seem innocuous, sometimes data is stolen and used much later. Things may seem all good, and then bam! Also, that same information is often tried on other sites. Think about how often you use the same email address and the same password to log onto multiple sites.
The second take away is to head the warnings and act on any findings. The BCPS was warned on 3 separate occasions that their network was not properly secure and their setup would leave them vulnerable to attack. BCPS failed to act on this information, and as they say, the rest was history. When you are presented with findings on your level of security or vulnerabilities, you need to act quickly and efficiently! Knowing your deficiency yet not attempting to correct is just as bad (if not worse) as not knowing.
HOW CAN SUMMIT HELP?
Prepare now for the inevitable and understand your shortcomings. At Summit, we can help on several fronts. First, we can assess your network against a large range of compliance standards including NIST 800-171, NIST-CSF, HIPPA and PCI to name a few. Secondly, we can help guide you through the remediation process, providing cost effective solutions to harden your cybersecurity infrastructure. Lastly, in the event of a breach, we can help you get back to business quickly, so you don’t spend more time than necessary on the sidelines.
Contact us today
if you would like to learn more about our Cybersecurity Support Team and how we can help your business.
