720-891-1663

Return to list of client alerts

A Lesson from the LA School District Cyberattack

As the second largest school district in the country, when the Los Angeles Unified School District gets hit by a cyberattack, it gets a lot of attention.

The FBI has a team of six special agents on site after the district asked for help.

Besides the FBI, the feds have sent in the Departments of Education and the Homeland Security.

CISA is there – the Cybersecurity and Infrastructure Security Agency, part of DHS.

Also local law enforcement.

I would not expect that your school district or company will get that treatment unless you have 500,000 students and 70,000 employees, or equivalent, which rules out most of us.

That is not the lesson. THIS is the lesson.

Apparently, in the months leading up to the attack, credentials for district employees were available for sale on the dark web, including VPN credentials.

It also appears that while there was some use of multi-factor authentication, it was not everywhere.

SO WHAT IS THE LESSON HERE? IF YOU ARE NOT DOING PERIODIC DARK WEB SCANS, YOU NEED TO BE DOING THAT. Maybe if the LAUSD was scanning the dark web, they could have stopped this attack.

And of course, implementing MFA is critical.

If you need help with dark web scanning or implementing MFA, please contact us.

Credit: Data Breach Today