In our previous post, we discussed the losses for employees in a California school district from a single Phishing attack. We framed this as Step One in this attack - a breach harming school employees and their families.
We’re now ready to explore Step Two in this attack through the lens of some sadly real examples. Step Two further demonstrates Educational Institutions’ need for excellent technology partners.
Step Two of an Educational Institution compromise often causes harm to students and their families. Schools maintain a tremendous amount of deeply personal and critically important student data. This data is gold in the hands of a cyber criminal.
How can we truly expect Administrators and Educators to be cyber sleuths? In no way are we calling into question their intelligence. It’s simply an unreasonable burden to place on those educating our future leaders.
As we jump back into Step Two scenarios, remember that bad actors are getting better at exploiting attack data through non-obvious means - every industry has value to an attacker:
What happens when a college loses student application files as a result of the initial Phishing attack on its educators (real story)? Applicants start receiving emails from questionable dark web operators offering to sell them their data, including admissions officer comments, personal student ratings and teacher recommendations.
Or how about students arriving for the first day in college and receiving urgent emails about bank account information for student loan disbursements (again, real story). We all know that students need that cash! Since the school was recently compromised, student confidential information is now in the hands of professional cyber criminals. Again, this information is like gold to these attackers.
The Step Two pivot to Phishing attacks on the larger student population can be more devastating than the initial compromise.
Educational Institutions need excellent IT partners to help prevent these scenarios.
We also can’t forget the cost of breaching FERPA compliance requirements.
If you’d like to prevent attacks like these within your organization, INFIMA and our partners are ready to help.
Ready to learn more? Connect with us here!
Join the newsletter to receive the latest updates in your inbox.