Cybersecurity Compliance is Only Half the Battle for EdTech
TechCrunch recently reported on accusations levied by the Federal Trade Commission against edtech giant Chegg – the FTC filed a legal complaint earlier this week indicating that Chegg’s lapses in cybersecurity compliance has resulted in numerous separate data breaches in recent years, and that these breaches were avoidable with better cybersecurity practices.
Sai Huda, CEO of CyberCatch, explains that cybersecurity compliance is only the first step in ensuring data security for edtech customers. The knack is ongoing maintenance and management of those security systems to identify and plug holes as needed – with thousands of attacks levied against educational institutions, hackers will always find vulnerabilities and exploit them.
Sai’s Thoughts
“Along with that, there’s gotta be two other things they’ve gotta do. One is they’ve gotta test those controls regularly. So just implementing the hundred eight controls and thinking you’re in compliance, it is just step one, the step 2, 3, 4, 5, 6, 7, 8, 9, 10 are to continuously test those controls because controls will break.
So, the key is to find those control failures, those security holes before the attackers do, and then plug them, and therefore the attackers will not be able to exploit those security holes and will not be able to be successful. The third thing the school sector must do is to have an incident response plan because it’s not a question of if, but when an incident will happen.
So the key is to be able to detect this incident and then to be able to respond so that damage is mitigated so that perhaps ransomware isn’t spread. Perhaps it can be curtailed. Data can be prevented from being stolen. Incident response plan is also key, and it must be implemented. That’s the way to be successful.
K12 schools are definitely in line of sight of attackers. CyberCatch scanned over 11,000 websites, internet facing assets of K-12 schools in the US and we found over 60% having vulnerabilities attackers can easily exploit break in, install ransomware and steal data.
So, this along with the FTCs order, should be a wakeup call for the whole K-12 sector to be proactive.”
Latest
Clean Energy Sets $1.1 Trillion Record That’s Bound to Be Broken
(Bloomberg) — Last year was a double milestone for decarbonizing the world’s energy system. It was the first year when investment in the energy transition equaled global investment in fossil fuels, according to the latest data release from clean energy research group BloombergNEF. The money flowing into the upstream, midstream and downstream segments of oil and gas, and […]
American Airlines Sees Profit Above Estimates on Steady Demand
(Bloomberg) — American Airlines Group Inc. expects profit this year to exceed estimates following a slow start, as steady demand for air travel keeps an industry recovery going into 2023. Full-year adjusted earnings will be $2.50 to $3.50 a share, the Fort Worth, Texas-based carrier said in a statement Thursday that also detailed fourth-quarter results. […]
Chipotle Seeks to Hire 15,000 Workers Amid Tech Layoffs
(Bloomberg) — Chipotle Mexican Grill Inc. is adding 15,000 jobs across its North American locations — a sign that demand for restaurant food is robust despite high inflation and economic uncertainty. The burrito chain’s hiring push is meant to ensure its more than 3,000 US restaurants are fully staffed for the company’s busiest season, which […]
