Not all defacement are created equal. I have a second grader who has just started to use her school's web site so this defacement of 20 primary school web sites with porn hit me deep inside. We do so much to screen our young ones from the sleazy world outside, and getting it in the school's web site is just unimaginable. Just thinking about the questions I would be asked if my daughter would get such pages.
The incident also highlights the total breakup of cyber security. The incident is blamed on an unpatched version of Moodle, an open source on-line education software. The naive way ot thinking would be that schools don't have the budgets to protect their applications or even to upgrade them. However, as this incident shows, proper security is fundamental and a substantial part of the budget should be allocated to it, even it means we spend less on the application features. We need to move slower but ensure security. After all, what is the value of an educational system that shows porn?
Another insight is that real time controls for protecting web applications are essential. You need a WAF. While the specific vulnerability exploited is unknown, Installing ModSecurity would have probably prevented the exploit.