What Is “The Matrix Difference”?
Matrix Integration’s primary focus is working closely with our clients in achieving optimal end solutions that continually and reliably address...
Tim Pritchett : Jan 10, 2025 2:41:06 PM
This week’s news about the PowerSchool data breach has really got me worried. As a former K12 CTO and a parent of three kids in US schools, this hits close to home. PowerSchool, a big name in Student Information System software, reported some serious issues that could affect our kids.
The breach was discovered on December 28, 2024. Hackers got into PowerSchool's customer support portal, PowerSource, and from there, they accessed the school information system, PowerSchool SIS. They used a compromised credential to get in, and while we don’t know all the details yet, the data accessed might include names, addresses, Social Security numbers, medical info, grades, and other personal stuff.
PowerSchool has confirmed the breach and said they’ve taken steps to prevent further unauthorized access. They don’t expect any operational disruptions, but they did mention that they had to pay a ransom to stop the hackers from leaking the stolen data. Here’s where the second and potentially most dangerous problem lies.
Now, let’s talk about the illusion of security. Paying hackers to delete data is a risky move. There’s no guarantee that the data will actually be erased. Cybercriminals don’t follow any ethical standards, and even if they say they’ve deleted the data, there’s no way to be sure they don’t have copies. Plus, paying ransoms can make organizations targets for future attacks.
Paying for data deletion can also encourage a cycle of extortion, where organizations are repeatedly targeted. This approach can have legal and ethical implications and might even fund further criminal activities. Regulatory bodies are keeping a close eye on organizations that pay ransoms, calling for more accountability and transparency.
As a Certified Information Security Manager (CISM) with over a decade of experience managing student information systems in public schools, I can’t stress enough the need for a proactive approach to cybersecurity. Reactive measures like paying for data deletion just aren’t enough. We need to invest in cutting-edge technologies, staff training, and comprehensive incident response plans. The PowerSchool hack is just another example of breaches caused by exposed, unpatched, or compromised support portals.
Effective cybersecurity requires long-term investment in defense strategies that prioritize prevention over reaction. Continuous monitoring, threat detection, and incident response capabilities are crucial. Collaborating with external cybersecurity firms and experts can provide valuable insights and support in building robust defenses.
In short, paying hackers to delete stolen data is a dangerous fallacy. Organizations must focus on building resilient systems and investing in long-term cybersecurity strategies to safeguard their data and protect against future threats.
Contributor: Tim Pritchett - CISM, VP of Enterprise Business - Matrix Integration
Matrix Integration’s primary focus is working closely with our clients in achieving optimal end solutions that continually and reliably address...
Keeping track of aging equipment and software is usually at the bottom of the to-do list, but when they fail, the scramble for fixes quickly rises...
Companies need a plan to secure employee devices before lost and stolen devices lead to major data breaches. By Tim Pritchett
Matrix Integration’s expertise and access to cutting-edge technology positions us to provide the right technology solutions for the critical challenges you face.