Cybersecurity Expert Says Prov Schools Have “Moral Obligation” to Disclose Information About Attack

GoLocalProv News Team

One of the top cybersecurity experts in the region is raising red flags about how the Providence Public School Department (PPSD) is handling the cyberattack.

Rob Fitzgerald of Blue Mantis, a leading technology firm with a specialty in cybersecurity, discussed with GoLocal on Friday the best practices for analyzing, managing, and combatting cyberattacks.

Moral Obligation

GoLocal reported this week that PPSD has refused to answer critical questions about the cyberattack and its potential impact on students, families, and employees. 

“As a community-driven organization, they have a moral obligation to share information honestly, openly, and quickly,” said Fitzgerald. It has been reported by global security firms that the ransomware gang Medusa has control of some or all PPSD files.

“To not take ownership about there is a problem going on and that they understand what the problem is and not to share it is unacceptable,” said Fitzgerald.

The cyberattack, believed to be a ransomware attack, is now in its third week or more. GoLocal first reported the attack on September 11, 2024.

Fitzgerald says it is important to control the message.

“Either you are going to control the message, or the ransomware gang is going to control the message,” Fitzgerald said.

Risks to Pension Information, Health Information

“The district has an obligation to notify community partners that they are at risk and to alert them as to what has happened. At a minimum, to alert them that they too are at risk, but at a maximum to ensure control over a very dramatic situation,” said Fitzgerald.

“They may have health insurance information. And there is so much information — banking information, pension information — and it goes back for years and years,” said Fitzgerald.

Only on Friday did PPSD send a message to teachers and staff urging them to review their credit scores.

The district is supposedly working to engage a third-party credit monitoring service, but that has not been finalized weeks after the cyberattack.

What Should Be Done Now

Fitzgerald said that in a cyberattack, negotiations should take place. He says he has negotiated hundreds of times to resolve the issue.

“I have, in many cases, negotiated with the ransomware gangs for a cost-adjusted payment. Historically, it has been negotiable, but recently, it has become less negotiable. They work in good faith because, at the end of the day, they are in it for the money. They are capitalists,” said Fitzgerald.

“In my 25 years, I have never seen the same group [who was paid ransom] come back in unless they feel they were cheated or scammed. There is honor among ‘businessmen,’ and these businessmen happen to be thieves,” he added.

Rob Fitzgerald, Field CISO @ Blue Mantis | MBA, Cybersecurity. PHOTO: LinkedIn

In some situations, there are multiple players at work and multiple demands.

Fitzgerald said that while the ransomware gang may be paid and not come back again, that group will sell to others the details of how it penetrated the company's or school department's security.

He said more than 80% of those who are hit by a ransomware gang will be hit again.

Fitzgerald said that the school system needs to take significant steps to ensure that future attacks do not occur.

Union Needs to Be Active

“If I was the head of the [teachers] union, I would be coming after this [for the lack of communications] very, very hard because, quite frankly, the union understands what the district [needs to be] doing to protect individuals' information,” said Fitzgerald.

Fitzgerald strongly urged companies or governmental agencies facing a cyberattack to act quickly and tap outside legal, technology, and crisis communication experts to ensure they are receiving unbiased and experienced expertise.

Blue Mantis is headquartered in New Hampshire and has an office in Pawtucket, RI.
