Leaders within the Buffalo, N.Y., Public Schools were taken by surprise by the ransomware attack that afflicted the district's network on Friday, but security experts say they shouldn't have been.
(TNS) — Buffalo Public Schools leaders were taken by surprise by the ransomware attack on the district's network Friday. But they shouldn't have been.
Cybercriminals are particularly fond of targeting government agencies and school districts, which are generally less likely to devote the financial resources necessary to guard against attacks, according to cybersecurity experts.
"It's very common for schools to be targeted," said
According to the
Close to home, the
Not only are school districts less likely to hire cybersecurity experts or invest in the outside services needed to prevent ransomware and other cybersecurity attacks, experts said, but school districts have become even more vulnerable because they've had to fast-track new remote learning models due to the coronavirus pandemic.
"They were trying to do the best they could to keep things moving, but obviously if you move too quick, you're going to leave vulnerabilities that people can take advantage of," said
He referenced information from the
"They're kind of low-hanging fruit," he said.
And ransomware is only one type of cybersecurity threat.
Cavalieri, whose company has worked with roughly half a dozen schools and districts to address cybersecurity incidents over the past year, said he worked with a
"It was terrible," said Cavalieri, whose company has been cooperating with the
For schools and districts he's dealt with, he said, getting schools back online has ranged from days to weeks.
Experts say that the length of time it will take for the
"It depends on their level of preparedness," Hubert said.
Cavalieri said the
"These types of things just take time," he said.
The pressure to get the school district network up and running is immense since many students are still working remotely, and the district has been preparing to bring more grades back into the classroom starting Monday.
"The District is working with technology industry experts and law enforcement authorities to resolve the ransomware attack we experienced on Friday morning. We are continuing to work throughout the weekend to protect and recover our information systems. We will let you know by Sunday afternoon whether we will be returning to school on Monday," said district spokeswoman
The district is also likely to be faced with the decision of whether to pay any ransom demand. Law enforcement representatives discourage payment to criminals, even though payment is sometimes the fastest and cheapest way to quickly bring back a down system and even though it rewards the criminal.
"I really don't ever advocate paying unless they really, really have to," said Hubert, a former
Some organizations and businesses, however, feel that because of their circumstances, they need to pay to keep operating and may negotiate with the hackers to lower the ransom demand, Cavalieri said. The criminals then provide the unlock codes to encourage future victims to pay up.
Ultimately, however, cyberattack prevention needs to be a priority, particularly for school districts and other public agencies that tend to shortchange this type of work. It's not enough to have a good information technology staff, Hubert said. Cybersecurity is its own specialty, similar to physicians in the medical field, who are not equipped to deal with every type of illness or surgery.
"When law enforcement leaves and computer systems go back online, what back doors could have been left behind?" Hubert said. "Really, your job is just beginning."
(c)2021 The Buffalo News (Buffalo, N.Y.). Distributed by Tribune Content Agency, LLC.
Never miss a story with the daily Govtech Today Newsletter.