Hi folks, 

It’s that time of year again: to be stuck behind a bus on your commute and to be reminded of the bleak state of ransomware in education. However, it’s not the fault of end users—cyber attack methods are anything but static.

Attributed mainly to exploited vulnerabilities, compromised credentials, and good ol’ phishing, the rise of ransomware throughout the education sector should have Security teams refreshing their curriculums.

Do you block mobile third-party keyboard keyloggers? Have a plan in case of social engineered SIM-swapping? Provide mitigation against malicious repository invitations? I’d venture to guess that the answer is a resounding no. 

That’s why your security awareness program needs an update. 

To ensure your end users protect not only themselves, but your organization, it requires teamwork. Now, it’s impossible to account for every possible attack vector, but if Security teams update their security policies that allows IT teams to take the lead from there to engage and inform end users on why there’s updates.

Because unlike school, learning about and protecting against cyber attacks is a year-round job. That’s why it's the perfect time to take the new school year as a sign to spruce up your existing security training because as it turns out, it pays dividends to share your knowledge with others. 

And If you’re in need of inspiration to spice up your security training, why not have your end users see if they’re smarter than a scammer. You’ll either be haunted by the results or impressed. Have fun! 

Until next time, 

Kenny

Adventures in IT

A comic about the highs and lows of IT and security life.

From Our Feed

The latest insights from around our industry.

🏥 Ransomware Attack Disrupts Health Care Services in at Least Three States
Health care systems catching up to the twenty-first century has not been a smooth transition.

🍪 EvilProxy phishing campaign targets 120,000 Microsoft 365 users
Just like how a bakery puts its goods behind glass, make sure no one steals your cookies.

🎮 “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild
Legacy Facebook games, a trusted email gateway, and spoofed verifications make for a heck of a phishing campaign.

✈️ Unlimited miles and nights: Vulnerability found in rewards programs
With no active exploits, this is just a sobering reminder of how much information these rewards programs possess. (I’m still a sucker for loyalty points, but more cautious now.)  

⛰️ Colorado warns hackers stole 16 years of public school data in ransomware attack
First the MOVEit attacks, then this. Ransomware gangs, please leave Colorado alone.

From the Blog

Tips, tutorials, and insights on endpoint security, osquery, and more.

Is Your Security Awareness Program a Total Snoozefest?

Let’s cut to the chase: most security training is a checkbox employees look to do at onboarding and whatever cadence your company has set up. That’s most likely because your end users feel disengaged from security.

Rather than presenting over-generalized powerpoints and tricking your employees in phishing tests, invest time and resources to expand your security awareness program that includes your end users. Here’s how.

What Is Shadow IT? You Can't Solve It by Blocking It

While Shadow IT can be malicious, it mostly stems from end users not understanding the risks they incur when using tools that can leak sensitive data, increase attack surface, and a host of other issues.

To combat Shadow IT, the answer isn’t more surveillance; the solution lies in the relationship between Security/IT teams and end users.

Take of the Week

The best "makes you think" moment from this week's discourse. 

 

“Even with this ad hoc education, there is little consensus among educators: for every professor who touts the tool’s wonders there’s another that says it will bring about doom.”

 

—Pranshu Verma, innovations reporter for the Washington Post, detailing the inevitable struggle educators will face this school year with ChatGPT’s increased relevance since its debut last November.

On a Good Note

Leaving you with some positive news, sometimes from Kolide, and sometimes from the world at large. 

• Schools being targeted for cyber attacks is nothing new, but that may be a thing of the past. The Biden administration is launching initiatives and allocating resources to improve and strengthen America’s K-12 schools’ cybersecurity (to the tune of $200 million over three years). Even AWS and Cloudflare are pitching in to help because as we all know, it takes a village. 

Did someone send you this awesome newsletter?

Sign up here to get our newsletter straight into your inbox.