Maggie Bashore has an article on ransomware attacks hitting Iowa school districts over the past three years that covers a lot of issues, including the costs of cyberinsurance over time and the difficulties smaller districts may have in meeting requirements to even get a policy. She reports, in part:
Fringer advises 45 school districts in southwest Iowa and connects them to recommended insurance vendors. While larger schools are more likely to have IT departments, he said, many smaller districts are led by a technology director without formal training. This often means smaller school districts have a more difficult time meeting insurance requirements.
Her article also addresses the lack of transparency in disclosing ransomware incidents. As an example:
The Linn-Mar school district initially described its ransomware attack in late July of 2022 as “technical difficulties” within the school’s servers. However, a leaked image of one district computer revealed that the school’s files had been encrypted by a ransomware group known as Vice Society, which wrote on its website that it would release the school’s important documents, photos and databases to the dark web.
And while some advise districts to handle ransom privately and not disclose for frear it will encourage more attacks, Randy Evans, executive director of the Iowa Freedom of Information Council, may be my brother by another mother as he is calling for schools to disclose ransomware attacks and payment amounts.
“Government entities belong to the public and not to government officials,” Evans said, referring to the Cedar Rapids district attack. “The owners of the Cedar Rapids school district ought to know: Did they pay a ransom, how much did they pay, what assurances they have that the problem is resolved?”
Amen.
Read Bashore’s full article on Quad-City Times.