On May 7, a Toronto school board and the North Carolina Department of Public Instruction announced that threat actors had recently contacted and attempted to extort school district employees. The messages, which reportedly demanded cryptocurrency payment in exchange for not releasing personal data, arrived months after a compromise of a popular K–12 software service called PowerSchool, which was used by the two organizations and millions of students.

“PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident. We do not believe this is a new incident, as samples of data match the data previously stolen in December,” a May 7 statement from PowerSchool began.

The ongoing disruption demonstrates a pair of disturbing trends: steady attacks on the education sector, and an increase in third-party compromises.

Hitting the books. According to a Center for Internet Security’s study between July 2023 and December 2024, 82% of surveyed K–12 organizations experienced “cyber threat impacts,” ranging from temporary shutdowns to limited access to files.

For more on third-party risks, keep reading here.—BH

To renew, or not to renew? That is the question some cybersecurity professionals ponder once they reach a certain point of their career.

In the cybersecurity industry, certifications are like Pokémon: some try to catch ’em all, while others take a more strategic approach. Tiyiselani Ntimbane, a senior information security officer at coal production company Exxaro Resources, estimates there to be “hundreds, if not thousands” of industry certifications that a professional can obtain in their career.

“Technology is quite fast. It’s quite a vast field, and with that comes different knowledge areas that people might be interested in,” Ntimbane said. “And with that, comes a selection of…certifications.”

Baggage. However, for some cybersecurity pros, there comes a time when collecting certifications begins to lose its luster. Joe Head, founder of Molto, a cybersecurity-focused personal branding agency, told IT Brew that there is a growing trend of professionals who are losing interest in maintaining their certification credentials.

“What I’m seeing is that a lot of people are saying, ‘I’m not going to renew this anymore,’” he said.

Will certs eventually become redundant? Keep reading here.—BM

Strength in numbers.

It’s been a wild ride for Nvidia, the company that has seen an explosion in growth with the rise of AI in the tech industry. The firm is promoting its accelerated computing stack as the way of the future in an effort to diversify how it’s seen in the public sphere to include more aspects of the AI revolution.

Nvidia has become known in recent years for its chips—but the company has developed a long list of offerings in its over 30 years of existence. With the expansion of its market share, Nvidia now aims to ensure it’s able to appeal to its new customer base. For company CSO David Reber, that requires staying on top of whatever security concerns might come up.

“Our role is to be the platform that all cyber companies can [use to] accelerate their workloads,” Reber told IT Brew, adding, “We want to make sure that the core platform has the security features there ready to be utilized, so you can run secure AI workloads from a platform.”

For more on the potential and risks of AI, keep reading here.—EH

Learn effective strategies to minimize unplanned downtime in critical IT systems. This article explores the financial and reputational effects of service disruptions, highlights essential tools like building management systems and computerized maintenance management systems, and emphasizes the importance of redundancy and proactive incident response planning to ensure consistent uptime.