Snapshot
- In November 2020, Newcastle Grammar School, an independent coeducational school in NSW’s Hunter region, experienced first-hand the devastating effects of a ransomware attack.
- The extortion attempt crippled all IT systems, compromising sensitive data of over 900 students and staff, despite the school having conducted a cyber assessment just three months earlier.
- A ransom of $1 million in crypto currency was demanded.
Organisations are facing a new cyber threat reality. Ransomware continues to escalate in frequency, sophistication and severity across all types of organisations and all industries. Hundreds of Australian businesses are being impacted by extortion attempts with ransoms ranging from thousands to the millions1.
It is critical for organisations to be prepared with robust controls, incident response processes and tested business continuity management and disaster recovery plans.
In November 2020, Newcastle Grammar School, an independent coeducational school in NSW’s Hunter region, experienced first-hand the crippling effects of a ransomware attack.
School Principal, Erica Thomas likened the cyber attack to a home invasion.
“We felt we had the right security, and mindset about the risk of cyber. As a business we didn’t feel we were overly exposed or vulnerable because we felt we had taken the steps to address this exposure, but we quickly realised we are not impenetrable.”
The attack crippled all IT systems, compromising sensitive data of over 900 students and staff, despite the school having conducted a cyber assessment just three months earlier.
Th attackers demanded a ransom of $1 million in crypto currency.
Immediate impacts
- Brand and reputation: Newcastle Grammar School suddenly became front page news for all the wrong reasons. Managing communications with the school community including students, parents and staff, as well as the media, became a “full-time job”.
- Data loss: Permanent and temporary loss of sensitive information such as staff financial records, photographs and documentation were just some of the immediate data compromises that impacted the school. Contacting parents to request students stay at home was made incredibly difficult, with access to contact information no longer available.
- Staff and student morale: In addition to the pressure already felt by an exhausting pandemic year, students were unable to attend school as all systems were rendered inoperable, and staff had to re-write all end of year exams and reports.
- Exposing vulnerabilities in risk management: A significant cost and time investment was required to recover and rebuild vulnerable systems.
How Aon helped
As the school’s Cyber Insurance broker, Aon was there to support Newcastle Grammar with IT resourcing, legal, public relations and claims support.
With Aon’s support Newcastle Grammar School was able to successfully re-establish its systems over a 5-week period and avoid paying the ransom.
Watch the full case study interview below.
1https://www.cyber.gov.au, https://www.asbfeo.gov.au, https://home.kpmg/au/en/home/insights/2020/08/cyber-security-2020.html, https://www.abc.net.au/news/2021-01-11/australians-turning-point-on-cyber-security-cyberattacks-crime/13018884
