In the Hacker’s Crosshairs: K-12 Schools
In education, cybersecurity is rarely top-of-mind — until a major incident occurs. Yet, according to the Federal Bureau of Investigation (FBI), schools are top targets for cybercriminals, resulting in ransomware attacks, data theft, and the disruption of online learning. Earlier this month, the Albuquerque public schools were forced to cancel classes due to a cyberattack that locked district staff out of the information database they use to record student attendance, determine who is permitted to pick students up from school, and store student emergency contacts. Weeks prior, a ransomware attack on software provider Finalsite, a vendor providing services to the education market, affected the accessibility of 5,000 school websites. Cyberattacks are particularly challenging for K-12 schools, as they often face resource limitations and cannot attract the necessary talent to implement enterprise-grade defense strategies. Therefore, K-12 institutions will need to find ways to address these growing threats.
And growing they are. Last March, the Buffalo, N.Y., district canceled classes for two days in response to a ransomware attack. Since the start of the pandemic, cyberattacks have also prompted school closures in districts including Broward County, FL; Hartford, Conn.; and Clark County, NV. So, what is driving the uptick in these security incidents?
The flurry of new technologies needed to support the shift to remote learning as a response to the ongoing health crisis has left schools increasingly vulnerable to security risks and potential attacks. New applications, delays in patching, and failing security controls added complexity and vulnerabilities to environments where security had often been an afterthought. When exploited, these vulnerabilities pose significant risk.
The endpoint is the new network edge, and the primary attack surface is literally in the hands of children. Almost one-third of education devices studied in the 21/22 Endpoint Risk Report: Education Edition contained sensitive data — nearly half of which was social security data, and 39% of which was protected health information. This has opened up new potential attack vectors for cybercriminals and placed student and school safety at risk. According to the FBI, malicious cyber actors are focusing on K-12 institutions since they are easy targets of opportunity.
Ransomware in particular poses a danger to schools. As of August 2020, Politico has reported that ransomware attacks have hit 58 education organizations and school districts, including 830 individual schools.
Making Security an Imperative
Although long underfunded and under-resourced, cybersecurity in education must now step to the forefront. Schools should take measures to identify and secure sensitive data, keep devices up-to-date, and ensure that their endpoint security controls are working at all times to minimize the risk of falling victim to cyberattacks.
The following fundamental measures can help K-12 school districts minimize their exposure to ransomware attacks:
1. Implement cybersecurity awareness training to educate staff and students on how ransomware is being deployed and how to recognize and avoid spear-phishing attacks.
2. Patch operating systems, software, and firmware as soon as manufacturers release updates.
3. Implement application and remote access allowlisting so that systems execute only programs known and permitted by the established security policy.
4. Regularly update anti-virus and anti-malware with the latest signatures and perform regular scans.
5. Back up data regularly to a non-connected environment and verify the integrity of those backups.
Beyond these generic preventive measures, school districts must pay special attention to the state of their endpoints, as those devices are often the launchpad from which ransomware spreads across the network. In this context, the following measures are recommended:
• Monitor for unusual activity and specifically look for suspicious behavior or spikes in connections on devices that are usually quiet.
• Lock at-risk devices and restrict device network access to halt the spread of malicious software.
• Harden existing endpoint security controls, as it is imperative to keep endpoint security software like anti-virus, anti-malware, VPN software, and/or disk encryption active and up to date on all devices. To address the talent shortage, emerging endpoint resilience technology can help school districts to make their endpoint security controls resilient against software decay or malicious actions by self-healing these critical applications whenever needed.
• Establish an undeletable connection to the endpoint so that remediation actions can be orchestrated remotely even while the device is under distress, e.g., by reimaging the operating system of a compromised device. Again, emerging endpoint resilience technology embedded in the firmware of devices can help by maintaining an unbreakable connection.
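As an added example (not part of the original article), the check for "spikes in connections on devices that are usually quiet" can be sketched by comparing each device's latest hourly connection count with its own median baseline. The device names, counts and thresholds below are constructed assumptions and would need tuning against real flow or endpoint telemetry.

```python
from statistics import median

# Constructed sample: outbound connections per hour for each device,
# oldest first; the last value is the hour being evaluated.
SAMPLE_HOURLY_CONNECTIONS = {
    "chromebook-0412": [3, 2, 4, 3, 2, 3, 4, 2, 3, 310],  # quiet, then a burst
    "chromebook-0977": [5, 4, 6, 5, 7, 5, 4, 6, 5, 6],    # quiet, stays quiet
    "lab-server-01": [900, 950, 870, 910, 940, 905, 890, 920, 915, 1400],
    "tablet-0033": [0, 0, 1, 0, 0, 0, 0, 1, 0, 45],       # near silent, then active
    "laptop-new": [2, 3],                                  # too little history
}

# Assumed thresholds, chosen for the sample data above.
QUIET_MEDIAN_MAX = 20  # baseline median at or below this counts as "usually quiet"
MIN_HISTORY = 6        # hours of history required before judging a device
SPIKE_SCORE = 8        # deviations above baseline needed to flag
ABS_FLOOR = 30         # ignore small absolute jumps such as 0 -> 5


def robust_spread(values, centre):
    """Median absolute deviation, floored at 1 so flat baselines still score."""
    return max(median(abs(v - centre) for v in values), 1.0)


def find_quiet_device_spikes(hourly):
    """Return findings for quiet devices whose latest hour is far above baseline."""
    findings = []
    for device, counts in sorted(hourly.items()):
        history, current = counts[:-1], counts[-1]
        if len(history) < MIN_HISTORY:
            continue  # not enough data to call the device "usually quiet"
        baseline = median(history)
        if baseline > QUIET_MEDIAN_MAX:
            continue  # busy hosts are out of scope for this rule
        score = (current - baseline) / robust_spread(history, baseline)
        if current >= ABS_FLOOR and score >= SPIKE_SCORE:
            findings.append({"device": device, "baseline": baseline,
                             "current": current, "score": round(score, 1)})
    return findings


if __name__ == "__main__":
    for finding in find_quiet_device_spikes(SAMPLE_HOURLY_CONNECTIONS):
        print(finding)
```

Flagged devices are candidates for the next step in the list: locking the device or restricting its network access while it is investigated.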
Ultimately, following these best practices will both improve a school district’s cybersecurity posture and reduce its exposure to debilitating cyberattacks.