ទីក្រុងញូវយ៉ក DOE បម្រើជាការរំលឹកលើការអ៊ិនគ្រីប - ទុកចិត្តប៉ុន្តែផ្ទៀងផ្ទាត់

ប៉ុស្តិ៍ភ្ញៀវហូដលអិច  បញ្ជូនប្រៃសណីយ៍របស់អ្នក

Eight hundred twenty thousand - that’s how many NYC students were affected by 2022 hackers who attacked a vulnerability in the school system’s technology infrastructure. The breach occurred in software provided to the school system by ‘Illuminate Education,’ and it resulted in access to names, birthdays, ethnicities and free-lunch statuses, among other items.

It is possible that the system was targeted with the hope of finding a treasure trove of SSNs or financial information - both items that we have been told were not collected. The attack was the result of the company failing to encrypt its platforms.

Chancellor David Banks, while calling for city, state and federal investigations, told The Post,

“We are outraged that Illuminate represented to us and schools that legally required, industry standard critical safeguards were in place when they were not.”

Perhaps it might make sense to elected officials unfamiliar with cybercrime that a company’s assurances in regard to encryption and other cybersecurity measures are sufficient.

However, this attack isn’t unique. So many institutions, relying on external technology providers simply take their word for it when it comes to security – and it isn’t unique to public schools, which may not feel that they are a top-tier target for cybercrimes.

Consider the number of cryptocurrency exchanges and other DeFi marketplaces that have seen exploitations and breaches. Many exchanges and marketplaces are more interested in the business of garnering new customers than keeping user assets safe.

As a consequence, they utilize technology that is no match for the skill set of today’s hackers. Many times, though, they aren’t rich in technological knowledge. Even CTOs are without extensive experience in preventing sophisticated cyberattacks. Often, they outsource their entire security apparatus, relying entirely on the claims of external providers and vendors.

The mistake is not in utilizing outside vendors. In fact, finding a provider that has more significant experience in building the technology infrastructure required for your business is often an excellent idea. The mistake is in trusting a provider without verifying the quality of their work. It isn’t enough for a vendor to say that they offer industry-standard encryption services.

There’s nothing more important to a digital asset exchange’s long-term success than its ability to keep those assets safe. It is incumbent on the operator of an exchange - or in this case, the school district - to ensure that they are prudently spending their cybersecurity funds. Any company that collects personal information or financial data has a duty to be a good steward of the trust they have been given.

You may think that school districts and cryptocurrency exchanges have a vastly different set of challenges. In some ways, that is true. Different kinds of hackers target different kinds of entities, utilizing different skill sets. But fundamentally, both must be prepared to deal with bad actors.

In this attack, teachers saw homework completion decrease significantly. And the system was also used to track Covid-19. When the system went down in January, so did their ability to track student exposure. There were real consequences in this failure to protect students. And while the attack wasn’t one that saw $600 million in assets disappear - as we recently saw in the exploitation of the Ronin sidechain - it was one that could have been avoided.

Fundamentally, we as a society must hit the reset button on cybersecurity. We need to throw out the old playbook and develop a new vision for dealing with cutting-edge threats, especially with an ever-expanding cyberwar brewing as a result of the Russia-Ukraine conflict. The urgent need for a paradigm shift has never been greater.

Richard Gardner គឺជានាយកប្រតិបត្តិរបស់ ម៉ូឌុល. គាត់គឺជាអ្នកជំនាញលើប្រធានបទដែលត្រូវបានទទួលស្គាល់ជាសាកលអស់រយៈពេលជាង XNUMX ទសវត្សរ៍ ដោយផ្តល់ជូននូវការយល់ដឹងដ៏ស្មុគស្មាញ និងការវិភាគលើរូបិយប័ណ្ណគ្រីបតូ សុវត្ថិភាពតាមអ៊ីនធឺណិត បច្ចេកវិទ្យាហិរញ្ញវត្ថុ បច្ចេកវិទ្យាឃ្លាំមើល បច្ចេកវិទ្យា blockchain និងការអនុវត្តល្អបំផុតនៃការគ្រប់គ្រងទូទៅ។

ពិនិត្យចំណងជើងថ្មីៗនៅ HodlX

សូមអនុវត្តតាមពួកយើងនៅលើ Twitter Facebook Telegram

ពិនិត្យចេញ សេចក្តីប្រកាសឧស្សាហកម្មចុងក្រោយ  

ការបដិសេធ: មតិដែលបានសម្តែងនៅឌឹដហូមដស៍មិនមែនជាដំបូន្មានវិនិយោគទេ។ វិនិយោគិនគួរតែប្រឹងប្រែងដោយយកចិត្តទុកដាក់មុនពេលធ្វើការវិនិយោគដែលមានហានិភ័យខ្ពស់នៅក្នុង Bitcoin, cryptocurrency ឬទ្រព្យសម្បត្តិឌីជីថល។ សូមណែនាំថាការផ្ទេរនិងការធ្វើពាណិជ្ជកម្មរបស់អ្នកគឺជាហានិភ័យផ្ទាល់របស់អ្នកហើយការបាត់បង់ណាមួយដែលអ្នកអាចទទួលរងគឺជាទំនួលខុសត្រូវរបស់អ្នក។ Daily Hodl មិនបានផ្តល់អនុសាសន៍ឱ្យទិញឬលក់រូបិយប័ណ្ណគ្រីបថលឬទ្រព្យសម្បត្តិឌីជីថលទេហើយក៏មិនមែនជាអ្នកផ្តល់ប្រឹក្សាផ្នែកវិនិយោគផងដែរ។ សូមកត់សម្គាល់ថាឌឹដេវហូដចូលរួមក្នុងទីផ្សារសម្ព័ន្ធ។

រូបភាពដែលមានលក្ខណៈពិសេស: គម្រោង Shutterstock / ការរចនា