Skip to content
+1 512 696 1522
Facebook page opens in new windowTwitter page opens in new window
LUCY Security
LUCY Security
  • Home
  • Solution
    • Overview
    • Attack Simulation
    • Test Infrastructure
    • Awareness Training
    • Engage Employees
  • Editions
  • Resources
    • Custom Awareness Video
    • Partners
    • Distributors
    • Support
    • Video Library
    • Documents
    • Course Overview
  • About
    • About us
    • Contact
    • News and press
      • Dark Web Analysis
    • Connect 2020
    • Careers
    • Upcoming Events & Webinars
  • English (English)
  • Home
  • Solution
    • Overview
    • Attack Simulation
    • Test Infrastructure
    • Awareness Training
    • Engage Employees
  • Editions
  • Resources
    • Custom Awareness Video
    • Partners
    • Distributors
    • Support
    • Video Library
    • Documents
    • Course Overview
  • About
    • About us
    • Contact
    • News and press
      • Dark Web Analysis
    • Connect 2020
    • Careers
    • Upcoming Events & Webinars
  • English (English)

PRESS

Jan172020
Press

Protecting Employees, Students and School District Resources From Cyber Attackers

Lucy Security works with many K-12 districts across the country to help build cybersecurity awareness and protect against phishing attacks (most ransomware attacks start with a simple phishing email.)

Colin Bastable

Below are some comments from Colin Bastable, Lucy CEO, about the types of trends and issues he sees and what K-12 IT departments can do to protect their employees, pupils and district resources from clever cyber attackers.

According to Colin Bastable, CEO of security awareness training firm Lucy Security:

Education: an easy target for cyber attackers

K-12 school districts range from fewer than 100 employees to several thousand. Some have tiny budgets, and some have more significant resources, but they all struggle with vulnerability to cybersecurity attacks. Just this week, CNN reported that a Texas school district lost $2.3 million to an email phishing scam. Unfortunately, this news is just the latest in an ever-increasing trend of cyberattacks targeting K-12 schools.

According to the K-12 Cybersecurity Resource Center, more than 752 cyber incidents at K-12 schools have been reported since January 2016, resulting in loss of productivity as well as much-needed funds.

Common K-12 cyber scams

One common scam is the Gift Card Scam, where an email purporting to be from the school principal or a head of department asks an administrator or assistant if they can buy some $100 gift cards. Often, this might be during a break, such as Thanksgiving, when the school staff are unlikely to meet.

Once the admin has the cards, they email a reply (to the fake email address) saying “I have them” and the thief asks them to scratch off the security number and send pictures of the cards, “because I need to get the gift to the students today.”

Another common attack is to send a change of bank deposit details to the school payroll staff.

These are quite simple attacks, yet extraordinarily successful. More sophisticated attacks involve BEC (Business Email Compromise) attacks, like the gift card scam, but involving hundreds, thousands and millions of dollars in losses, where the imposter asks for urgent payments to be authorized.

Ransomware attacks are also prevalent in K-12 and local governments, causing multi-million-dollar losses and billions of losses worldwide.

People can make a difference

Regardless of industry, between 20% and 30% of employees have a high degree of vulnerability to email-delivered cybersecurity attacks. With regular training, people can be taught how to defend themselves and their employers security awareness tools, with a resultant 10 times reduction in risk. However, it’s easier for IT security staff to focus on technical defenses – easier, but less effective.

Losses from these attacks can all be mitigated significantly with strategically-run campaigns to train staff, by exposing them to regular and random simulated attacks over a sustained period. At Lucy, we take real-world examples like the ones I mention here and turn them into teachable moments. This identifies the most vulnerable employees, so that IT and HR can constructively help them be more secure.

Relying on technology alone is a common and major mistake. The fact is that, if cybersecurity technology was going to work, it would have eradicated phishing specifically and cybercrime in general by now. Instead, cybercrime grows year after year, because technical solutions are not as good as training people. Only 3% of losses from cyberattacks result from purely technical exploits: “patching people” has much higher ROI than patching systems training security awareness, although both are vital in defending against cybersecurity attacks.

source: EDUCATION IT REPORTER

Category: PressBy adminJanuary 17, 2020
Share this article
Share on FacebookShare on Facebook TweetShare on Twitter Pin itShare on Pinterest Share on LinkedInShare on LinkedIn Share on WhatsAppShare on WhatsApp

Author: admin

Post navigation

PreviousPrevious post:Plan your phishing simulation campaignNextNext post:Cyber protection solutions for the insurance industry using LUCY

Related Posts

New LUCY Security Release 4.8.4
January 3, 2022
LUCY Security presents User Awards 2021
December 27, 2021
LUCY Security presents international Partner Awards 2021
December 17, 2021
New LUCY Security Release 4.8.3
November 10, 2021
LUCY Security Acclaimed by Frost & Sullivan for Developing Security Awareness Training (SAT) Solutions with Its E-learning Platform
November 9, 2021
The new LUCY version 4.8.2. offers better ergonomics, multi-client LUCY LMS capability, easier handling of training content and total integration options
August 12, 2021
Recent Posts
  • New LUCY Security Release 4.8.4
  • LUCY Security presents User Awards 2021
  • LUCY Security presents international Partner Awards 2021
  • LUCY Security at ASIS Europe 2022 in Prague from May 22-24
  • LUCY Software NOT affected by the Log4j Bug
Archives
  • January 2022
  • December 2021
  • November 2021
  • August 2021
  • May 2021
  • April 2021
  • March 2021
  • January 2021
  • December 2020
  • September 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • July 2019
  • May 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • June 2018
  • March 2018
  • November 2017
Categories
  • Blog
  • Event
  • Local Event
  • News
  • Press
  • ReleaseNote
  • Resources
  • TechBlog
  • Video
CONTACTS

Address: Europe
Lucy Security AG
Chamerstr. 44 | 6300 Zug | Switzerland

Address: North America
LUCY Security USA
13785 Research Blvd
Suite 125
Austin, TX 78750

CONTACTS

Address: Europe
Lucy Security AG
Chamerstr. 44 | 6300 Zug | Switzerland

Address: North America
LUCY Security USA
13785 Research Blvd
Suite 125
Austin, TX 78750

SEARCH
CONNECT

Find us on:

Facebook page opens in new windowTwitter page opens in new windowYouTube page opens in new windowLinkedin page opens in new window
INFORMATION
  • Home
  • Solution
  • Editions
  • Resources
  • About us
  • Support Wiki
  • Contact
  • Demo request
LANGUAGE
  • English
LUCY Security
All Rights Reserved 2022











Noted in the press

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Privacy PolicyCookie PolicyACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.