Glasswall CEO speaks out on FinalSite ransomware attack

Danny Lopez, CEO of Glasswall, speaks to Cyber Magazine following the recent FinalSite ransomware attack affecting over 8,000 global schools.

School website services provider, FinalSite, has suffered a ransomware attack disrupting access to websites for the 8,000 schools and universities, across 115 different countries, that it hosts. 

FinalSite is a software as a service (SaaS) provider that offers website design, hosting, and content management solutions for K-12 school districts and universities. 

After three days of disruption, FinalSite confirmed today that a ransomware attack on its network is causing the outages. "We are incredibly sorry for this prolonged outage and fully realize the stress it is causing your organisations," it said in a statement. "While we have made progress overnight to get all websites up and running, full restoration has taken us longer than anticipated," the statement concluded. 

Danny Lopez, CEO of  cybersecurity Glasswall, said: "Reports of the education sector being the victim of cyber attacks have become increasingly common over the last two years. News like this regarding FinalSite is concerning considering the extensive damage that can be caused in terms of lost data – for both students and staff – and access to vital educational services. 

"Educational institutions should adopt a ‘defence-in-depth’ approach to cybersecurity, as advised by the NCSC. This means using multiple layers of defence with several mitigations, which creates more opportunities to detect malware and prevent it from doing widespread harm to the institution," he added.

"But even when all procedures and policies are well-executed, there's no escaping the fact that adversaries are constantly looking to probe vulnerabilities. Often this is as simple as inserting malware using documents and files shared in their hundreds every day in an educational environment. It's vital these organisations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing all users to do their vital work," said Lopez.

"Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers, it is crucial to strengthen all processes relating to access verification. Without a zero-trust approach, organisations run the risk of attackers having a free reign across a network once they are inside," Lopez concluded.


Featured Articles

Secure 2024: AI’s impact on cybersecurity with Integrity360

With 2023 seeing increased AI in cybersecurity, and rising cyberattacks, Integrity360 leaders consider what the 2024 cyber landscape will look like

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Magazine speaks with Radiflow’s CEO, Ilan Barda, about converging IT and OT and how leaders can better protect businesses from cybersecurity threats

QR ‘Quishing’ scams: Do you know the risks?

QR code scams, or Quishing scams, are rising and pose a threat to both private users and businesses as cyberattacks move towards mobile devices

Zero Trust Segmentation with Illumio’s Raghu Nandakumara

Network Security

Is the password dead? Legacy technology prevents the shift

Network Security

Fake Bard AI malware: Google seeks to uncover cybercriminals

Technology & AI