On episode 106 of the Security Squawk Podcast, cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O’Hara discuss a cyber attack on a school district in Des Moines Iowa, where classes have been canceled for 33,000 students after a cyber attack on its Technology Network. The hosts discuss the issue and mention that this is a common MO for cyber attacks, where not much information is released. They also mention that this is a more serious issue than in the past and that the school district probably wants to keep negotiations private if there is a ransomware attack.
A follow-up to the Knox Community College ransomware. The school disclosed they investigated and responded to a data breach where sensitive information like personal information, national ID numbers, social insurance numbers, passport numbers, IP addresses, employer identification numbers, medical records, health insurance information, sexual orientation, religion, and union affiliation were exposed. The group expresses their concern and skepticism about the company’s statement that there is no indication that any specific information was or will be misused, but they cannot rule out there may be attempts to carry out fraudulent activity. They mention that the data was exposed on the dark web, and the company didn’t send out notices till the end of December, which is disturbing. They also discuss that companies often underestimate the value and potential use of their data by cybercriminals, and the lack of education and understanding of the risks involved in a cyber attack. They also mention that the data can be used to ruin people’s lives for years and the border crisis and biometric information also being accessible.
We also discuss the sale of credentials for accessing Chick-fil-A accounts on the dark web, with the cyber experts discussing the ease with which criminals could use the information to steal from the accounts. They also discuss the need for companies to have policies in place that dictate what employees should and should not post on internal chat apps like Slack and the need for tools to help automate and police those policies.