Faith-Based Daily Awareness Post 11 March 2025

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters. 

Weekly Security Sprint EP 102. Ransomware, Terrorism report, recognizing behaviors 

The Gate 15 Security Sprint is a weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.     

In this week’s Security Sprint, Dave and Andy covered the following topics:

• Ransomware & Data Breaches 
• Terrorism 

Information on other Gate 15 podcasts can be found  here.  

New FTC Data Show a Big Jump in Reported Losses to Fraud to $12.5 Billion in 2024 

In 2024, the Federal Trade Commission (FTC) reported a significant increase in losses due to fraud, totaling $12.5 billion. This marks a sharp rise from the previous year, driven largely by scams involving online transactions, investments, and credit cards. The data reveals that the most common types of fraud were imposter scams and online shopping fraud, with consumers increasingly losing money through digital channels. The FTC continues to encourage reporting fraud to help protect consumers and combat these growing threats.  

Analyst Comments: The sharp rise in fraud, especially on online platforms, highlights the rapid shift in consumer behavior toward digital channels. As more individuals shop and invest online, fraudsters are exploiting this expanding market, taking advantage of weaknesses in online payment systems, social media, and e-commerce platforms. Faith-based organizations can play an important role in helping to raise awareness about these threats within their communities. 

• Avoiding Scams and Scammers 
• How to Avoid a Scam 

Hacker accessed PowerSchool’s network months before massive December breach 

A hacker gained unauthorized access to PowerSchool’s network months before its massive breach in December 2024, according to forensic report by CrowdStrike. The breach occurred between August 16 and September 17, 2024, involving the use of compromised support credentials that were later exploited during the December breach. PowerSchool initially detected authorized activity from December 19 to December 28, 2024.  

CrowdStrike’s investigation revealed that these compromised credentials allowed access to PowerSchool PowerSource, the customer support portal used to manage school information systems. While CrowdStrike could not link the early access to the same hacker responsible for the December breach, it suggested that the breach could have been prevented if the credentials had been changed earlier.  

Analyst Comments: Reports suggest that the personal information of more than 60 million students was accessed. It is important for organizations to remember that technology solutions that are meant to allow for efficiency and organizational growth can also decrease the security of an organization as well. FB-ISAO members are encouraged to engage in vendor risk management best practices prior to adopting new services that may deal with sensitive information. You can learn more about conducting vendor risk management surveys here.