- April 15, 2024
-
-
Loading
Loading
Although it’s been more than a month since the Sarasota County School District’s computer network system was attacked by malware, district staff is still working to restore the system to its previous state.
Joe Binswanger, the director of IT for the district, said there are still some servers being restored and that he is hopeful the process will be completed by next week at the latest.
The cyber attack allegedly performed by Michael Levanti, a Sarasota School District employee, which affected more than 350 servers and 50,000 users, has cost the district more than $50,000 to date,
Binswanger said. Levanti is currently on paid administrative leave until the investigation is complete.
The district was not wholly unprepared for the situation, he said. It had a disaster recovery plan in place that had undergone field testing.
“But living through it, we saw areas of success and areas for improvement (in the plan),” Binswanger said. “So now, we’ll be better prepared.”
The school district’s servers are housed with Sarasota County’s, but county IT Director Glenn Zimmerman said they’re not connected to the county in any way.
“They have their own network — we’re just giving them the space. They even have their own locks,” Zimmerman said.
Sarasota County’s IT department has its own set of protections against hackers and cyber attacks — ones that focus security around county employees.
Scott Gibbs, the county’s enterprise system architect, said the county runs on the “principle of least access,” meaning users are only allowed to access the bare minimum in the server needed to complete a task.
Gibbs said the county is prepared for an internal attack such as the school district’s. The IT department is alerted when county employees quit or are fired, so it can monitor that person’s access to the county system.
Every county user’s actions — about 3,500 users — on the county’s network is connected to their username, so if something goes wrong, there’s a digital bread crumb trail, Gibbs said.
“The biggest vulnerability is internal — you need to have a good plan in place,” Zimmerman said.
IT staff also keep a real-time monitor on failed log-in attempts, especially from users with higher access into the server system. The on-time reporting can alert the department of a possible attack.
Zimmerman said attacks are possible, but the county is confident that the checks and balances put in place by these various security measures would deter an attack.
Binswanger said the school district and county IT have been in communication after the cyber attack, and the district is moving forward with tighter security to prevent future incidents.
He would not disclose the increased safety measures, but said they are stronger and compiled with a different architecture than the previous security provisions.
