OVERVIEW
Massive databases full of protected personal information, thousands of users to phish, countless endpoints to slip through, small IT teams, and overburdened systems make educators a high-value target for attackers. We see new reports of cyberattacks aimed at educational institutions every time we look at the news. Most require months of recovery time and result in lost data, stolen personal information, and a crippled IT infrastructure.
We can’t employ enough people to sit there looking at all of this. We’ve got to automate our response time, our responses, and our monitoring of our system.
DILIGENCE ISN’T ENOUGH
Most ransomware attacks go unnoticed until it’s too late, sneaking in on innocent-appearing attachments or software engineered to appear legitimate to the user. Training employees, a solid tech stack, and a strong security architecture can help, but attackers are always coming up with new ways to bypass your defenses. The employees at TUSD are well-trained and know to be wary of unknown attachments and emails from strangers. They know how to recognize social engineering and prevent phishing attacks. They understand they shouldn’t open unsolicited emails, click on links, or open unknown files. That wasn’t enough.
AN OUNCE OF PREVENTION
The Torrance Unified School District had a proactive cybersecurity approach in place, including quarterly simulated phishing attempts to train their staff to be vigilant. Gil Mara, Chief Educational Technology and Information Services Officer, knew that wasn’t enough, “We can’t employ enough people to sit there looking at all of this. We’ve got to automate our response time, our responses, and our monitoring of our system.” The rapid technological advances being leveraged by attackers also played into ongoing security concerns, “With the advent of AI, GPT, and now hackers being able to leverage AI tools to write code and to enhance their attacks, it’s more imperative that we have something in place.” With the approval of district leadership, Mara expedited the deployment of BullWall.
IMMEDIATE RESPONSE BY BULLWALL
Within a month of deployment, an employee received an email with an attachment from her son’s doctor’s office. Since she was expecting this document, she downloaded it – not realizing it was a malicious file that began infecting her computer. BullWall immediately went to work and locked down the infected device, blocking the employee’s access to the rest of the network. BullWall’s realtime visibility into file transactions and movement allowed the district’s IT team to gain insight into the attack, providing critical information for a swift response. The automated containment response was ready to act, further reducing the potential damage. “We don’t know how bad this would’ve been had it executed itself,” Mara shared. Instead, the infected computer and account were immediately disabled, preventing further harm. Most importantly, there was no loss of data or encryption of files. BullWall proved invaluable when the realtime monitoring and automated response capabilities not only thwarted a potentially devastating attack but also provided peace of mind. The incident underscored the fact that no educational organization, regardless of size, can afford to overlook the ever-present threat of cyberattacks.
