Podcast Summary: "Inside a Cyber Attack: Lessons for Schools from the Front Lines"
School Business Insider, ASBO International
Host: John Brucato
Guest: Jonty Mongan (Global Head, Gallagher Cyber Risk Management)
Date: September 9, 2025
Episode Overview
This episode delves into the critical and fast-evolving topic of cybersecurity in schools. Host John Brucato invites Jonty Mongan, a global leader in cyber risk management at Gallagher, to share real-world insights from his extensive experience responding to cyber attacks. The discussion covers why schools are prime targets for cybercriminals, the anatomy and aftermath of attacks, leadership and personnel trends, and pragmatic steps schools can take to fortify their defenses. The conversation is both sobering and actionable, empowering school business officials with knowledge to better safeguard sensitive student and staff data.
Key Discussion Points & Insights
1. Why Are Schools Prime Targets?
(04:13–06:24)
- Leverage and Emotional Pressure:
- Cybercriminals target schools because "they have the ability for the cyber attack to become very personal" (Jonty, 04:42).
- The strong emotional investment parents and staff have in student safety gives attackers powerful leverage:
"If you are a cyber gang attacking a school and getting it right, you have immediate leverage because everybody involved...doesn't want any harm to come to the individuals." (Jonty, 05:01)
- Extortion is often highly effective: if sensitive data is exposed, the school faces public outrage, lawsuits, or regulatory action.
- Comparison to Other Industries:
- Attacks on manufacturing or less personal services don’t yield as much pressure or attention.
2. Anatomy of a Modern Cyber Attack
(06:46–08:49)
- Double Extortion & Reconnaissance:
- Attackers may "sit on that network for...three months" mapping where data and backups are stored (Jonty, 06:57).
- Typically executed over weekends for minimal oversight.
- Double extortion: attackers demand payment both to restore network access (decryption) and to keep sensitive data from being leaked:
"The leverage point is not pay me to give your network back. It's pay me to not use this data in the public." (Jonty, 08:04)
- Attackers commonly extract several terabytes of data and still threaten exposure even if the network is restored.
3. The “Ethics” of Ransomware Operators
(09:04–12:54)
- "Honor Amongst Thieves":
- Attackers tend to create a reputation for returning data once paid, breeding trust for future payouts:
"Every single time the attacker has provided what they said they would." (Jonty, 11:50)
- If not paid, data often appears on dark web forums, leading to long-term harm (credit, identity, medical issues).
- Impact & Emotional Toll:
- For school officials and parents, breaches are deeply personal and long-lasting.
4. Shifts in Tech & Cloud Infrastructure
(12:54–15:07)
- Cloud vs. On-Premises Risks:
- Cloud services offer better technical controls but present systemic risks:
"Cloud consolidation definitely has a risk of systemic threat...However...you're generally accessing a more proven and secure product." (Jonty, 13:41)
- Risks arise when third-party vendors’ security is unchecked by the school.
5. The First Hours of a Cyber Attack
(15:07–19:39)
- Chaos, Stress & Leadership:
- Most attacks unfold when staffing is minimal (weekends, early morning).
- Immediate confusion:
- Who to call for help and forensics?
- Insurance coverage?
- Internal communications and blame vs. support culture.
- Leadership tone is critical:
"The leadership...can change the color of the response quite significantly." (Jonty, 17:05)
- IT staff frequently experience intense stress and burnout.
6. Changing Role of School IT Departments
(19:39–21:49)
- Digital Transformation in Education:
- Schools are now de facto tech organizations, managing hybrid learning and digital communications.
- There’s a growing need for cyber specialists over traditional curriculum IT backgrounds.
7. Memorable Case Study – Attack on a Care Home
(21:49–24:37)
- Real-world Consequences:
- Attack left a care home without backups, forcing six months on paper-based records and risking patient safety.
- Underscores how cyber incidents target the vulnerable and how quickly operations can collapse.
8. Personal Risks for Cyber Defenders
(25:34–28:24)
- Practicing What You Preach:
- Jonty has withdrawn from social media and increased privacy to protect himself and his family.
- Education sector leaders must recognize even greater responsibilities given the sensitivity of their data:
"Cybersecurity these days is just a cost of trade. You have to invest in it. It's not an option anymore." (Jonty, 28:23)
9. Internet of Things – Simplicity as Security
(28:24–31:23)
- Less Is More:
- Both John and Jonty prefer low-tech home environments.
- More connected devices mean more attack surfaces—and challenges in privacy.
- Anecdotes on Tech Evolution:
- Brief, nostalgic tangent about simpler technology eras and the complications of modern digital life, especially with children.
10. When Does a Cyber Incident Go "From Bad to Worse"?
(33:46–38:27)
- Critical Turning Points:
- Is there an untainted backup? If not, recovery may take months or be impossible.
- Extent of data exposure: Not knowing what data was taken complicates response and notification.
- Resource/Staff burnout and Public Relations fallout: Internal and external communications crises fuel escalation.
- Practical Takeaway:
- Always maintain "immutable" (cannot be altered) air-gapped backups.
11. Concrete Steps to Protect Schools
(38:27–42:54)
- Multi-factor authentication (MFA):
- Essential for staff access, especially IT admins.
- Patch management/vulnerability scanning:
- Continuous updates and monitoring for known flaws.
- Immutable/backed-up data:
- Regular, offline backups.
- Human firewall (training and awareness):
- Ongoing, scenario-based employee education and phishing tests.
"Statistically speaking, the best thing that schools could do is to invest in a very good training and awareness campaign for all of their staff." (Jonty, 41:18)
12. Parting Thoughts & Recommendations
(42:54–44:11)
- Make It Personal:
- Frame cybersecurity as protecting your own family:
"How would it make you feel if that image or that file was being used for financial gain?" (Jonty, 43:13)
- Leverage Resources:
- Seek expert help when needed; Gallagher and organizations like ASBO can provide support.
Notable Quotes & Memorable Moments
- On Why Attackers Target Schools:
"Dear Mr. Mongan, we have your child's information and we're going to publish it...That just takes a completely different tone."
(Jonty, 05:01)
- On “Honor Amongst Thieves”:
"There is honor amongst thieves...every single time the attacker has provided what they said they would."
(Jonty, 11:18 & 11:50)
- On Human Element:
"Statistically speaking, the best thing that schools could do is to invest in a very good training and awareness campaign for all of their staff."
(Jonty, 41:18)
- On Cloud Risks:
"Cloud consolidation definitely has a risk of systemic threat...However...you're generally accessing a more proven and secure product."
(Jonty, 13:41)
- On Leadership in Crisis:
"The leadership of that business...can change the color of the response quite significantly."
(Jonty, 17:05)
Important Segment Timestamps
| Topic | Timestamp |
|---|---|
| Introduction of guest and Gallagher's mission | 01:32–02:49 |
| Why schools are targeted (leverage, emotional pressure) | 04:13–06:24 |
| Double extortion: anatomy of attacks | 06:46–08:49 |
| On ransomware attackers’ reputations | 09:04–12:54 |
| Cloud vs. on-premise risks for schools | 13:29–15:07 |
| What happens in the early hours of an attack | 15:30–19:39 |
| Changing IT skill demands in education | 19:39–21:49 |
| Case study: care home attack (impact and fallout) | 21:56–24:37 |
| Jonty’s personal security and privacy practices | 25:34–28:24 |
| Simplicity vs. Internet of Things; school tech shifts | 28:24–31:23 |
| When incidents escalate: backups and more | 33:46–38:27 |
| Safeguard priorities for schools | 38:44–42:54 |
| Final advice for school business officials | 42:54–44:11 |
Actionable Takeaways for School Leaders
- Prioritize immutable, air-gapped backups.
- Mandate multi-factor authentication for all staff, especially IT.
- Regular patching and vulnerability scanning—address weak spots quickly.
- Continuous, realistic cyber awareness training for every employee.
- Frame cybersecurity as personal: what if it was your own child’s data?
- Engage with credible partners and experts—being prepared beats reacting under stress.
This episode delivers a grounded, candid, and urgent call for schools to take cybersecurity seriously—not just for compliance, but to protect the children and communities they serve.
