School’s in Session: Security and Vulnerability Assessment Is Cybersecurity 101

School’s in Session: Security and Vulnerability Assessment Is Cybersecurity 101

By | December 3, 2020

As a parent, I’ve seen the challenges of a remote learning environment firsthand.

And, having listened in on school board meetings, I know the strong opinions many parents have about whether to reopen the schools, move to a hybrid situation or continue a full remote-learning environment during COVID-19. There’s no cut-and-dry answer on how to proceed, but thankfully technology gives us options that were not available during the last pandemic in 1918.

Yet, coming off a well-deserved Thanksgiving break, Baltimore-area kids found themselves getting a couple of extra unplanned days off. Why? A ransomware attack that targeted the Baltimore County Public School system forced the school to close down for two extra days.

Ransomware is a form of cyberattack where malware is loaded onto someone’s computer or a computer network that locks users out until they pay to access their own system or information. According to the Baltimore Sun, the FBI is working with the Baltimore County police department and the state’s Emergency Management Agency to investigate the cyberattack.

The school system put a positive spin on the extra time off. They said in a written statement, “This provides much-needed time for our staff to continue working to set up the instructional platform and to communicate next steps regarding devices.”

This might be true, but that doesn’t mean people, especially the students, won’t be affected by the situation. Thankfully, it won’t impact student meals, but there are other areas of concern. E-learning, itself, can lead to social isolation, but kids can also try to fill unsupervised time with unproductive or even potentially dangerous activities such as cyberbullying. We’re not saying that this has or will happen in this situation, but the point is that cyberattacks have real consequences for businesses and organizations.


security & vulnerability - an elephant-sized problem
E-bookSecurity & Vulnerability: An Elephant-sized Problem
Organizations must have a sound plan in place to deal with attacks to ensure the safety of their people, property, assets and reputation.


The question is: How do these cyberattacks keep happening? When I spoke to Ronald Palermo, Sphera’s chief information security officer, about cyber risk, he told me that the attacks continue to evolve as there are people working around-the-clock to find new ways to infiltrate company and personal systems.

Ronald Palermo’s Quick Tips to Avoid Phishing

  1. Ask yourself, “Am I expecting this email?
  2. Look for odd spelling or typos.
  3. Hover over the link to see where it would lead you if you clicked it, but don’t click it.
  4. If the link would take you to a website with an unusual URL, you know it’s phishing.
  5. If the link looks legitimate, open a separate browser and go to the organization that sent the link’s website. Especially for larger organizations, like PayPal, you can access the same information if you sign into the messages section of your account on the organization’s website.
  6. If you’re still not sure, contact the company directly. It might be more time-consuming, but it’s better to be safe than sorry.


“We know that the bad guys have taken a very personal approach through phishing attacks to go after, and they’re going after very specific people within an organization. And it’s a concern because they are getting really good at it. They’re able to craft messages and communications that essentially mirror what we would do internally and what other customers would do internally.”


Separately, in Africa, a recent report found that the Digital Transformation of ports in the shipping industry could “quickly disrupt” the supply chain should a cyberattack take place. The point is the level of sophistication related to these electronic disruptions continues to rise worldwide.

In other words, for businesses, school systems or any other organization or entity, all it takes is one person to click on a phishing link, and the cybersecurity of the whole organization could be compromised.  As we note in the e-book “Security & Vulnerability: An Elephant-sized Problem,” a report from last year produced by Lloyd’s Corp. among others detailed how one hypothetical cyberattack could lead to $85 billion to $193 billion in damage should a malware message be passed along to other contacts inside and outside of the company.

Fans of the TV show “Big Brother” are familiar with the catchphrase, “Expect the unexpected,” and the same holds true when it comes to planning for unknown risks, whether they are focused on the cyberworld or the real world. It’s not an easy subject to discuss nor is it always a safe one to talk about as you wouldn’t want to give anyone any ideas, but—unlike a Process Hazard Analysis (PHA), Hazard and Operability (HAZOP) or any other risk study—Security and Vulnerability Assessment is designed to help organizations plan for the potential ramifications from an intentional attack.

An SVA is a necessary endeavor to help ensure there’s a plan in place should the safety of the people, systems or assets within an organization be compromised. There is no textbook example of how a cyberattack could occur or when, so it’s important to do your homework beforehand if you want to get a passing grade.


The Best of Spark Delivered to Your Inbox
Sphera is the leading provider of Environmental, Social and Governance (ESG) performance and risk management software, data and consulting services with a focus on Environment, Health, Safety & Sustainability (EHS&S), Operational Risk Management and Product Stewardship.
Subscribe to Spark
Receive expert content from Sphera about Safety, Sustainability and Productivity.