In January 2020 it was reported there were three individual fraudulent transactions across the Manor Independent School District occurred. These were as a result of a phishing scam. CBS reports that the scam took place during November 2019.
According to Newsweek, the school district said there are “strong leads” in the case. However, the investigation is ongoing. Further details about the scam have yet to provided.
Wendt’s point-of-view about this type of cyberattack is that educational and government institutions must do more in order to mitigate the risk of future scams of a similar nature.
Greg Wendt is Executive Director of Texas (U.S.), based Appsian, a company that specializes in enterprise resource management data security. The company has many customers in education (such as Cornell University and PennState) plus several in state and local government (such as the State of Ohio and Lane County Oregon).
Discussing the attack on the Texan education network, Wendt explains that: “Phishing attacks such as this are sophisticated, meticulously planned, and strategically executed leaving very little time to react. It is unfortunate that in this case the phishing scam was able to recur three times and resulted in millions lost.”
In terms of how the school area should respond going forwards, the analyst says that prevention is key: “In order to mitigate the risk of phishing scams moving forth, Manor Independent School District must implement a custom security strategy that provides fine-grained user access control.”
Discussing the critical cybersecurity options hat need to be put into place, Wendt adds: “By deploying adaptive Multi-Factor Authentication, organizations are able to significantly enhance security with additional user authentication – both at login and inside an application. Contextual controls also mitigate cyber risk by adapting policies in accordance with changing context of user access. Furthermore, by deploying granular logging and real-time analytics, an organization gains comprehensive insights into user activity.”
He concludes his review of the phishing scam by stating: “When armed with actionable data, Manor Independent School District can identify suspicious activity immediately and take remedial measures before an attack results in costly damages.”