A computer protection program from CrowdStrike that District 233 purchased in February paid for itself on March 11, when one of the servers at Homewood-Flossmoor High School was attacked.
Steve Richardson, director of information technology, told the District 233 school board at its April 19 meeting that a malicious attempt to take over a server at 2:35 a.m. was halted through CrowdStrike which immediately took the server off-line and launched an investigation on how the attacker was trying to gain access.
“This is just a perfect example of how valuable this service is,” he said. “At 2:35 a.m. our reaction time would have been much longer. We wouldn’t see a lot of these alerts until that following morning, giving the attacker time to try different methods and gain access to the system.”
“We’re seeing value in the solution already. We’ve be able to stop a lot of virus infections on our work stations already within the school” and blocked access through the district’s filtering methods, Richardson said.
Although the attack was on a server that was for non-critical uses, such as emails, “it still was an active attack” against the district’s computer system, Richardson said, noting that over time the hacker could have found ways to develop false email addresses to gain access and do serious damage through spam, phishing attacks and use of exploratory methods to get into the system.
The district signed a one-year, $76,637 contract with CrowdStrike for 24/7 services. Richardson said without the service, the district’s costs would have been much greater as it attempted to stop the attack and recover from it.
“So, it’s been an invaluable tool to see what’s going on inside, to see what’s going on with our network,” he told school board members.
Richardson said hackers are usually from countries that don’t have extradition treaties with the United States, “so it’s difficult to try and take any (legal) actions.” CrowdStrike believes this intrusion was from a China IP address.