Finals Week Fallout: The Canvas Hack That Shook Education

EPISODE · May 12, 2026 · 11 MIN

from Cyberside Chats: Cybersecurity Insights from the Experts · host Chatcyberside

In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down what may be the largest education-sector data breach in history: the massive compromise of Canvas by Instructure. With more than 275 million records reportedly stolen and over 8,800 educational institutions impacted, the incident highlights the dangers of cloud concentration risk, where a single vendor breach can create a domino effect across an entire industry. The discussion dives into the tactics allegedly used by the Shiny Hunters threat group, the risks of SaaS platform overreliance, and the troubling gap between vendor assurances and real-world containment. Matt and Sherri also explore lessons organizations can apply immediately, including phishing-resistant MFA, monitoring for bulk data exfiltration, data retention reduction, and why every “incident contained” statement should be treated cautiously until independently verified.

Key Takeaways:

1. Inventory every SaaS vendor that holds your identity, communications, or user data, and rank them by blast radius. You cannot manage concentration risk you have not measured. The output is a one-page list, ranked by how many users would be exposed if the vendor were breached tomorrow.

2. Enforce phishing-resistant multifactor authentication on every administrative and remote-access account. Use hardware security keys or platform authenticators that meet the FIDO2 standard. SMS codes and push notifications are not sufficient against the current voice-phishing playbook. Apply this to every administrative account at every vendor in your inventory.

3. Monitor and alert on bulk data exfiltration across your critical SaaS platforms. Configure threshold-based alerts and additional controls to detect or prevent mass exports of sensitive information through APIs or administrative tools. If an account is compromised, the goal is to stop attackers before they can empty the entire database.

4. Set and enforce a data retention schedule that deletes records when their operational purpose ends. The Illuminate FTC consent order specifically requires this, which is a signal that retention is now in enforcement scope. Data you no longer need is data the next breach will steal.

5. Treat any vendor claim of "incident contained" as a hypothesis until your own monitoring confirms it. Maintain independent visibility into the data flowing in and out of critical SaaS platforms — through your identity provider logs, your CASB, or the vendor's own audit feed. The five-day gap between Instructure's containment claim and the second-wave defacement is the case study.
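The threshold-based alerting in takeaway 3, as an added example (not from the episode or from any vendor): a sliding-window check over SaaS audit events that flags an account once the records it has exported within the window pass a limit. The event fields, the action names, and the 10,000-record / 30-minute limits are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events (not a real vendor's log format):
# ISO timestamp, actor, action, number of records returned.
SAMPLE_EVENTS = [
    ("2026-05-01T09:00:00", "admin-a", "api.export_users", 200),
    ("2026-05-01T09:20:00", "admin-a", "api.export_users", 150),
    ("2026-05-01T10:00:00", "svc-sync", "api.export_users", 4000),
    ("2026-05-01T10:05:00", "svc-sync", "api.export_users", 4000),
    ("2026-05-01T10:10:00", "svc-sync", "api.export_users", 4000),
    ("2026-05-01T10:12:00", "admin-a", "ui.view_course", 1),
    ("2026-05-01T13:00:00", "svc-sync", "api.export_users", 4000),
]

# Assumed action-name prefixes that mark an export through an API or admin tool.
EXPORT_PREFIXES = ("api.export", "admin.report")


def detect_bulk_exports(events, threshold=10_000, window=timedelta(minutes=30)):
    """Alert when one actor's exported records inside `window` exceed `threshold`."""
    recent = defaultdict(deque)  # actor -> (time, records) entries still in the window
    totals = defaultdict(int)    # actor -> running record count for the window
    alerting = set()             # actors already over the limit (one alert per burst)
    alerts = []
    for ts, actor, action, records in sorted(events):
        if not action.startswith(EXPORT_PREFIXES):
            continue  # ordinary reads are ignored; only export actions count
        now = datetime.fromisoformat(ts)
        q = recent[actor]
        q.append((now, records))
        totals[actor] += records
        # Drop entries that have aged out of the window.
        while q and now - q[0][0] > window:
            totals[actor] -= q.popleft()[1]
        if totals[actor] > threshold:
            if actor not in alerting:
                alerting.add(actor)
                alerts.append({"actor": actor, "at": ts,
                               "records_in_window": totals[actor]})
        else:
            alerting.discard(actor)  # burst ended; a later one alerts again
    return alerts


if __name__ == "__main__":
    for alert in detect_bulk_exports(SAMPLE_EVENTS):
        print(alert)
```

Feeding it the vendor's own audit feed or identity provider logs, rather than the vendor's status statements, is also what gives the independent visibility described in takeaway 5.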
