Operational disruptions, disclosures of personally identifiable or other sensitive information, and financial loss ramped up in the second half of 2019. K-12, higher education, and city and county governments all felt these attacks.

We saw a plethora of disruptions, mainly through ransomware attacks, and a handful of K-12 districts and local governments faced ransomware for their second time. Networks shut down, either for safety or by the virus, for hours to days; some organizations took months to fully recover or were unable to fully recover their encrypted data. Multiple schools were forced to delay the start of school due to these attacks.

We saw disclosures, or data breaches, in all sectors. Some were accidental, with sensitive data hidden in files attached to emails. Other breaches were related to the theft of a physical device or hacking of a network. We saw the Click2Gov security issue back on the rise, affecting multiple government payment portals. Additionally, we saw a breach of a third party educational vendor, Pearson, affected hundreds of thousands of students across hundreds of K-12 districts. These two cases are a reminder that we are only as secure as our weakest link or vendor.

Multiple city and county governments incurred financial losses, paying ransoms to decrypt their files. It appears that more organizations are choosing to pay ransoms, which means this threat will continue to grow. School districts lost hundreds of thousands of dollars to business and vendor email compromise scams.

As you review these roundups, think about where your own organization might be vulnerable. Many of these incidents could have been prevented with a strong culture of cyber awareness, and particularly phishing awareness. Cyber awareness and training will help your organization get ahead of these threats, protecting both your network and your reputation. If you are interested in learning more about our programs, contact us.