The Aftermath of an Attack
Two dozen colleges, universities, and charity organizations in the US, UK, and Canada are dealing with the aftereffects of a ransomware attack that’s now turned into a data breach.
Cloud provider Blackbaud suffered a ransomware attack earlier this year. They provide cloud services to education, fundraising, and financial institutions. In May, they discovered and stopped the ransomware invasion, but not before the attackers could remove a copy of data from their self-hosted environment.
While Blackbaud paid the undisclosed ransom, they neglected to inform their customers immediately of the breach. Under GDPR (General Data Protection Regulation), businesses are required to report a data breach within 72 hours to regulators, yet Blackbaud waited weeks.
College and university servers are especially attractive to attackers. There’s a wealth of personal data milling around. As a result, these institutions are frequently targeted.
Paying The Ransom
Victims of ransomware attacks are commonly advised not to pay. The FBI, Europol, and countless security experts all advise against it. Paying the ransom is no guarantee you’ll retrieve your data. Additionally, it makes attackers more ambitious knowing there’s a chance of a payout.
Multi-layered security measures are the best plan of action in today’s ransomware environment. That also means institutions shouldn’t rely solely on their providers to protect them. In addition to the security measures by a provider, you should have an extensive security plan yourself.
Mass closings in the wake of COVID-19 have left us looking for remote ways to work and learn. Because of the shift in our habits, attacks are increasing across the board, from businesses to home users. Life has adjusted, so our security thinking needs to adjust as well.
An effective multi-layered security approach includes automated default-deny protection. You should also continue to educate yourself on the evolution of phishing scams and the newest trends in ransomware. Education is a second component to staying safe. Finally, good password hygiene should be practiced on a regular basis.
Even when your data isn’t in your own hands, there are extra steps you can take on your end. Stay safe out there.