As the school year wound down and summer vacations began, educational institutions said goodbye to one of the most challenging years in recent memory. COVID-19 meant shutting down classrooms and shifting to online learning. But the transition wasn't all smooth sailing, and it came with a new set of unique challenges.
|
As students and teachers swapped their pens and paper for virtual blackboards and Zoom calls, laptops flocked off the shelves and became a scarce commodity. Underfunded school districts were further challenged with delayed COVID relief funds to purchase laptops for students and faculty, causing many to rely on their own personal devices at home.
Yet personal computers do not have the same protection as IT-managed devices to keep information safe, making them inherently vulnerable to cyber threats. On top of this, IT departments faced limited resources, time, and budget to invest in cybersecurity measures. Schools lacked the ability to identify malicious behavior, all contributing to an unprecedented surge of cybercrime in the sector.
The New Age of Ransomware
As the headlines showed, ransomware plagued the education sector this year as schools grappled with the disruption of COVID-19. According to the FBI, schools became one of the more prominent targets, with 57% of all reported ransomware attacks in August and September 2020 targeting K–12 institutions.
Ransomware attacks on the Clark County School District and other school systems made it clear that hackers weren't afraid to up the ante; releasing social security numbers, student grades, and other sensitive information when the ransom wasn't paid. Schools such as the Gadsden Independent School District were even targeted with the same strain of ransomware twice within the year, causing a shutdown of 24 school sites.
As long as educational institutions continue operating digitally, we can expect hackers to be at their heels. We also know that online learning is not going away anytime soon, with some school districts like the New York City public school system announcing that instead of snow days this coming winter, students and teachers will conduct classes virtually. Hybrid learning will also be a likely option next year until students of all ages are able to get vaccinated.
With the average total cost of recovery from a ransomware attack having doubled in a year to $1.85 million and the alarming trend of releasing data when ransoms aren't paid, strengthening a school's security posture should be at the top of their to-do list.
Cybersecurity Training: Your First Line of Defense
Cybersecurity awareness is an integral component to combating ransomware, and it doesn't need to break the bank. As 98% of cyberattacks rely on social engineering, investments in training and reinforcements are critical to minimizing attack surfaces.
Below are six steps for schools looking to increase cybersecurity awareness come back-to-school season:
Ransomware is a persistent and critical threat that will remain a problem for years or decades to come. While no system is perfect, school districts need to start preparing now for when, not if, they experience an attack. While there isn't one foolproof solution to this troubling problem, cybersecurity education is a good starting point to building a more resilient organization. The more time invested preventatively, the better the ability to combat threats and lessen the extent or impact of an attack.
Drew brings a passion for helping companies scale global operations, implementing robust security protocols, and more than 20 years of experience. At Druva, Drew focuses his time on efficient operations processes, identifying security risks, and leading the technical ... View Full Bio
