The 2020–2021 academic year started not with a bang but with a whimper for some school districts as, instead of welcoming students back to class (albeit virtual classrooms), they found themselves scrambling to combat everything from ransomware to distributed denial-of-service (DDoS) attacks. To wit:
- Schools in Haywood County, NC, were shut down for several days when the school district fell victim to a ransomware attack that required it to rebuild the entire network and related technology services.
- Las Vegas' Clark County School District was infected by ransomware that breached the personally identifiable information (PII), including Social Security numbers, of former and current employees.
- Miami-Dade County Public Schools experienced significant disruptions over the first three days of distance learning, thanks to a series of DDoS attacks allegedly perpetrated by a 16-year-old student. This was not the school district's first rodeo, either — the school system noted it had already experienced more than a dozen DDoS attacks since the start of the school year by the time the student-hacker was arrested.
- Sandwich Public Schools in Massachusetts were knocked offline by what was initially thought to be a firewall failure but was later discovered to be the result of a DDoS attack. Tyngsboro middle and high schools also came under fire from a DDoS attack initiated by a device brought onto one of the schools' campuses every morning.
While a boon to the ability to educate students during a pandemic, remote-learning platforms and their relatively lax security measures have left educational institutions vulnerable. More worrisome is the fact that school systems, already far less prepared to deal with DDoS attacks thanks to tight IT budgets, will only continue to be in the crosshairs given the growing popularity of easy-to-use DDoS tool kits.
An ounce of prevention is worth a pound of cure and, in the case of DDoS attacks, potentially serious revenue loss or a catastrophic loss of functionality. By understanding the warning signs, educational institutions can go a long way toward protecting themselves against DDoS and similar attacks.
- Awareness. One of the most important things schools can be doing to protect themselves is to know the warning signs. Typically, if others in your industry have been targeted, your days are numbered. In the current state of play, schools should assume that they will be a target if they haven't already been.
- Bragging rights. Take advantage of Dark Web monitoring tools to keep tabs on what hackers are saying. Keep an eye on them and take their braggadocio seriously.
- Check your network for suspicious behavior as hacks will frequently test a network with a few packets before they attack. And, doublecheck that whatever learning platform your institution uses doesn't expose a home user's or school's IP address.
- Distractions. You don't want to be caught off guard by a second attack while dealing with an initial wave of DDoS attacks, so keep your guard up.
- Extortion and ransomware notes shouldn't be ignored. Alert the authorities and security providers immediately.
- Focus on performance issues, including slow persistent network performance when trying to access a website, and monitor device alerts for unavailability.
The middle of a DDoS attack is no time to realize you never got around to updating your disaster recovery plan. The window on capex might have closed for the school year, thereby preventing the purchase of additional security solutions, but there are steps school IT departments should be taking now:
- Make cybersecurity training mandatory for all employees, and be certain staff knows where to send suspicious emails or whom to contact if they notice any strange activity.
- Update your disaster recovery plan with current personnel and phone numbers, not just office extensions. Everyone's working from home now, so make sure you have the ability to reach them wherever they are. A disaster recovery plan is only as good as its information, so make sure it's accurate.
- Be ready to recognize the signs you're under attack and remediate the threats before they take your network offline.
- Take a page from the football coach's playbook and run practice drills until they become muscle memory. And don't forget to have your entire staff go through the steps as well.
- Make sure you have an anti-DDoS solution ready. Don't wait until you're under attack to implement it — it might not be as easy as you were told, and it will certainly cost more when you are under attack.
- Leverage your network, literally and figuratively. Ask both your network and learning platform providers about their DDoS prevention and preparedness measures and see how you might piggyback on those. Keep in mind that larger learning platforms are most likely better equipped to handle an attack.
In a time when everyone is trying to make sense out of the senseless, schools are for many a place of near-normalcy, where learning and interaction with one's peers takes precedence, however briefly, over the uncertainty of the world around them. What they should not be is a target for those looking to cause trouble or make a fast buck.
Taking a measured approach to security will mean fewer schoolboy (or girl) errors and ensure that your security solution passes with flying colors.