New York City DOE Serves As Reminder on Encryption – Trust but Verify

HodlX Guest Post  Submit Your Post

 

Eight hundred twenty thousand – that’s how many NYC students were affected by 2022 hackers who attacked a vulnerability in the school system’s technology infrastructure. The breach occurred in software provided to the school system by ‘Illuminate Education,’ and it resulted in access to names, birthdays, ethnicities and free-lunch statuses, among other items.

It is possible that the system was targeted with the hope of finding a treasure trove of SSNs or financial information  both items that we have been told were not collected. The attack was the result of the company failing to encrypt its platforms.

Chancellor David Banks, while calling for city, state and federal investigations, told The Post,

“We are outraged that Illuminate represented to us and schools that legally required, industry standard critical safeguards were in place when they were not.”

Perhaps it might make sense to elected officials unfamiliar with cybercrime that a company’s assurances in regard to encryption and other cybersecurity measures are sufficient.

However, this attack isn’t unique. So many institutions, relying on external technology providers simply take their word for it when it comes to security – and it isn’t unique to public schools, which may not feel that they are a top-tier target for cybercrimes.

Consider the number of cryptocurrency exchanges and other DeFi marketplaces that have seen exploitations and breaches. Many exchanges and marketplaces are more interested in the business of garnering new customers than keeping user assets safe.

As a consequence, they utilize technology that is no match for the skill set of today’s hackers. Many times, though, they aren’t rich in technological knowledge. Even CTOs are without extensive experience in preventing sophisticated cyberattacks. Often, they outsource their entire security apparatus, relying entirely on the claims of external providers and vendors.

The mistake is not in utilizing outside vendors. In fact, finding a provider that has more significant experience in building the technology infrastructure required for your business is often an excellent idea. The mistake is in trusting a provider without verifying the quality of their work. It isn’t enough for a vendor to say that they offer industry-standard encryption services.

There’s nothing more important to a digital asset exchange’s long-term success than its ability to keep those assets safe. It is incumbent on the operator of an exchange – or in this case, the school district – to ensure that they are prudently spending their cybersecurity funds. Any company that collects personal information or financial data has a duty to be a good steward of the trust they have been given.

You may think that school districts and cryptocurrency exchanges have a vastly different set of challenges. In some ways, that is true. Different kinds of hackers target different kinds of entities, utilizing different skill sets. But fundamentally, both must be prepared to deal with bad actors.

In this attack, teachers saw homework completion decrease significantly. And the system was also used to track Covid-19. When the system went down in January, so did their ability to track student exposure. There were real consequences in this failure to protect students. And while the attack wasn’t one that saw $600 million in assets disappear – as we recently saw in the exploitation of the Ronin sidechain  it was one that could have been avoided.

Fundamentally, we as a society must hit the reset button on cybersecurity. We need to throw out the old playbook and develop a new vision for dealing with cutting-edge threats, especially with an ever-expanding cyberwar brewing as a result of the Russia-Ukraine conflict. The urgent need for a paradigm shift has never been greater.


Richard Gardner is the CEO of Modulus. He has been a globally recognized subject matter expert for more than two decades, offering complex insight and analysis on cryptocurrency, cybersecurity, financial technology, surveillance technology, blockchain technologies and general management best practices.

 

Check Latest Headlines on HodlX

Follow Us on Twitter Facebook Telegram

Check out the Latest Industry Announcements
 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Design Projects

Source: https://dailyhodl.com/2022/03/31/new-york-city-doe-serves-as-reminder-on-encryption-trust-but-verify/