Key points:
School’s out for summer but, for admins, there’s no final bell. Ransomware attacks in education are doubling year-on-year, and the arrival of the summer holidays doesn’t mean schools should expect fewer attacks. Recent history shows that hackers actually ramp up their activity during vacations and long weekends.
The good news is that summer skeleton crews can fight back–slowly but surely–by focusing their limited resources on mapping ecosystems, patching devices, and enforcing strict password practices.
When classrooms empty, cyber threats multiply
Research by Check Point backs up the theory that as we head out to enjoy the sun, hackers head to work. They know that most employees are on vacation, security teams are understaffed, and that schools are “data rich, resource poor.”
Moreover, they’re aware that most schools are still catching up to the rapid digitization imposed by remote learning and COVID-19 lockdowns. A stark example occurred in 2022 when the Los Angeles Unified School District, the nation’s second-largest school system, fell victim to a ransomware attack over Labor Day weekend. The breach resulted in a significant data leak, compromising sensitive student information.
Unfortunately, things haven’t gotten much better since this massive breach. A report last year from Emsisoft revealed a surge in K-12 cyberattacks with cases more than doubling from 45 in 2022 to 108 in 2023. This escalation isn’t coincidental. Cybercriminals target schools because they host sellable information on comparatively outdated systems with lower defenses. To bad actors, summer vacation represents a golden opportunity to exploit network backdoors and potentially remain undetected for weeks, maximizing the attack’s impact and profitability.
It’s therefore up to education to take the target off its back. This involves a two-pronged approach: bolstering security measures and making attacks less financially rewarding. Summer presents an ideal opportunity to initiate both of these crucial improvements.
Three steps for stronger school cybersecurity
To the first point–bolstering security measures–IT can make a big difference to school cybersecurity today and tomorrow by focusing on three elements over the break.
First, begin with a comprehensive inventory of all devices connected to the network. A unified endpoint management platform, for example, can reveal the extent of the ecosystem. This is what Canada’s Burnaby School District did across its 41 elementary schools and 8 secondary schools, uncovering over 2,000 more endpoints than previously thought. In effect, this represents 2,000 potential network entry points. Knowing what’s connected is the first step to protecting what’s connected.
Next, ensure that every endpoint is updated with the latest software. Roughly half (45 percent) of reported software vulnerabilities from last year remain unpatched–a big concern considering that such exploitable vulnerabilities are responsible for almost two-thirds of all data breaches. Good patch management starts by setting a strategy for implementation, like establishing alerts and leveraging unified consoles, and working towards regular device audits, patch testing, and rollback plans.
Finally, get serious about access. Complex passwords backed by multi-factor authentication are the gold standard for a reason. If hackers crack a device password, asking for an additional phone code or fingerprint scan sets another obstacle in their way. Until something like zero trust network architecture is mandated in education as it is in the military–and here’s hoping–admins can effectively thwart hackers without breaking the bank through stricter access controls.
A summer test education can’t afford to fail
Schools can’t tackle this challenge alone. We need policymakers and school districts to step up, not just during summer but year-round. Their support is vital in funding additional resources and tackling the second point–making attacks less financially rewarding.
One area that demands top-down leadership is the issue of ransom payments. The education sector faces the highest rates of ransomware attacks across all industries, with about half (47 percent) of globally affected schools paying to recover stolen data. While banning ransom payments could help discourage these criminals, I acknowledge this is a complex issue with no easy solutions.
Encouragingly, cybersecurity coordination is advancing at the national level. This March saw the formation of the Government Coordinating Council for the Education Facilities Subsector. This collaborative effort unites federal, state, and local governments to provide schools with essential guidance and resources for strengthening their cyber resilience. By tapping into the expertise of the Department of Education and the Cybersecurity and Infrastructure Security Agency, schools can make significant progress in safeguarding data and protecting staff and students.
As we enjoy summer, let’s not forget the cybersecurity challenges facing our schools. By focusing on device inventory, software updates, and access control, skeleton crews can go a long way to thwarting potential attacks and laying the groundwork for the new school year.
The summer months may be a break for students, but they’re the ultimate test for school cybersecurity–and one we can’t afford to fail.