The education sector is facing a growing and multiplying menace: a surge in cyberattacks by ransomware groups that are leveraging generative artificial intelligence and other sophisticated tools.
Recently, a software provider was the target of a data breach that affected K-12 school districts across the U.S. As a result, sensitive data such as names, addresses, birth dates, financial reports, medical records, and Social Security numbers were obtained by hackers.
These attacks illustrate increasingly sophisticated and bold tactics of the ransomware gangs targeting schools and a variety of other sectors. According to a recent report, ransomware attacks targeting the U.S. education sector increased more than 25 percent between April 2023 and April 2024, compared to the same period a year earlier.
The heightened threat was part of an overall increase of 17.8 percent in ransomware attacks. Of those attempted attacks, 217 targeted the education sector–the fourth highest total of any industry.
In the era of a digital and hybrid learning world, the education sector faces numerous challenges when it comes to cybersecurity, including a lack of resources and budget, curious students, and outdated infrastructure. Combined with growing ransomware threats, schools should adhere to best practices for proper cyber hygiene, strong IT security fundamentals, and the implementation of a zero trust architecture. Taking these steps can minimize the attack surface, reduce breaches, eliminate lateral movement, stop data loss, and bolster defense capabilities.
Laying the foundation: Cyber hygiene and IT security fundamentals
However they choose to handle individual incidents, school IT teams have no choice but to stay prepared and prioritize improving their cyber hygiene and IT security fundamentals. Proactively addressing evolving ransomware threats will enable schools to remain more resilient.
There are steps that everyone–even curious students–can take to enhance their cybersecurity posture. These include creating complex passwords, ensuring software is regularly updated, participating in phishing awareness training, and implementing multifactor authentication. Such best practices can be reinforced by integrating cybersecurity into the curriculum and ensuring that password updates and trainings occur on a set basis. Maintaining cyber hygiene and practicing IT security fundamentals is a continual effort that can become part of the daily habits of students and staff when consistently emphasized–fostering a culture of cybersecurity awareness and resilience.
Zero trust: Trust no one, always verify
Practicing proper cyber hygiene and maintaining IT security fundamentals is only part of the solution to protect against attacks. Evolving threats and technological advancements are not slowing down, and schools need a security framework that effectively keeps up with this new digital landscape. An important security progression is zero trust, which is a focus for federal agencies. Zero trust is not mandatory for the education sector, but school districts should prioritize implementing it as a strong overall security practice and specifically to help guard against ransomware attacks.
Operating under the principle of “never trust, always verify,” zero trust assumes that breaches will happen, not merely that they might. The architecture promotes a proactive approach to cyber threats by treating every access attempt, whether from inside or outside the network, as potentially hostile. Identities and devices are verified continuously, regardless of location.
Should an attack occur, zero trust is inherently designed to minimize the network attack surface, prevent lateral movement of threats, and lower the impacts of a data breach. Pairing zero trust with cyber hygiene and IT security fundamentals puts a plan in place that allows schools to continue operations and secure sensitive data.
Fortify with microsegmentation principles
A key component of a zero trust approach to cybersecurity is microsegmentation, which creates one-to-one segments that are brokered and authenticated by zero trust architectures. Based on the principles of least-privilege access, users are connected directly to requested applications without ever exposing the network.
The implementation of a zero trust architecture and microsegmentation principles are best practices that enable schools to proactively secure critical assets such as student and other data–often the target of ransomware gangs. This approach not only protects valuable information, but lowers risks, unplanned downtime, and consequences stemming from an attack.
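A sketch of the brokered, least-privilege decision described above, as an added example that is not part of the original article. The roles, application names, and policy table are constructed for illustration; the point is that network location never grants access and that a compromised account reaches only its own segments.

```python
from dataclasses import dataclass, replace

# Constructed sample policy: each entry is a one-to-one segment
# (role -> application). Anything not listed is denied by default.
SEGMENTS = {
    ("teacher", "gradebook"),
    ("teacher", "lms"),
    ("student", "lms"),
    ("finance", "payroll"),
}
ALL_APPS = {"gradebook", "lms", "payroll", "student_records"}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool      # identity verified for this session
    device_compliant: bool  # device posture check (managed, patched)
    app: str
    source: str             # "campus" or "remote"; never used to grant access


def broker_decision(req):
    """Evaluate one access attempt; returns (allowed, reason)."""
    if not req.mfa_verified:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device posture failed"
    if (req.role, req.app) not in SEGMENTS:
        return False, "no segment for role/app (default deny)"
    return True, "user connected to requested app only"


def reachable_apps(req):
    """Apps this session could reach: the blast radius if it is compromised."""
    return sorted(a for a in ALL_APPS if broker_decision(replace(req, app=a))[0])


if __name__ == "__main__":
    # Constructed requests: an on-campus teacher asking for payroll is still denied.
    teacher = AccessRequest("t.lee", "teacher", True, True, "payroll", "campus")
    print(broker_decision(teacher))
    print(reachable_apps(teacher))
```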
As these criminals become a growing threat to schools and to students’ privacy, it is imperative that the education sector take every possible step to secure its data and maintain strong security fundamentals. Having a clear plan in place and ensuring everyone recognizes the signs of potential ransomware attacks are essential first steps. From everyday practices, such as cyber hygiene and security fundamentals, to more IT-based implementations, such as zero trust and microsegmentation, everyone can play a role in fighting ransomware attacks and bolstering cyber defenses.