Doug Levin, National Director of the K12 Security Information Exchange (K12 SIX), has dedicated his career to technology and education. This work produced the K-12 Cybersecurity Resource Center and the K-12 Cyber Incident Map, which launched in 2017.
Cataloging and mapping all publicly-disclosed cyber incidents impacting the education industry, the K-12 Cyber Incident Map is a one-of-its-kind, free resource meant to create awareness around the need for better K-12 cybersecurity and privacy policies.
For the third year in a row, Levin has published his annual State of K-12 Cybersecurity: 2020 Year in Review report. As the only one of its kind, this report helps all of us involved in K-12 cybersecurity to stay up to date with what’s happening around the country.
ManagedMethods has been a proud sponsor of Levin’s annual reports since their inception. Over the next few weeks, we will be discussing various areas of the report, and what school administration and IT leaders can be doing to address many of the issues raised.
We will also be hosting a free, live webinar with Doug Levin and two school IT leaders on June 17. I invite you to click here to learn more about the webinar and register to attend and/or receive the free recording afterward. We’d love to see you there!
Since we’ve been exploring school ransomware over the past several weeks, we figured this topic would be a good place to start.
It should come as no surprise that K-12 ransomware attacks are increasing in number and severity. According to the FBI, K-12 districts are now the targets of 57% of ransomware attacks.
Ransomware is a big problem because of the damage it can do. For example, ransomware incidents have had one or more of the following impacts on schools:
The State of K-12 Cybersecurity: 2020 Year in Review report shows 50 ransomware attacks on U.S. K-12 schools. In addition, eight districts reported attacks that looked like ransomware, but were never officially confirmed. The K-12 Cyber Incident Map showed that the attacks happened in districts spread over 25 states. The report also pointed out that the attacks reported were more severe in several ways:
One thing that contributes to the increase in K-12 ransomware attacks is the confusion about what districts need to do to protect themselves. Cloud computing is a perfect example of this.
As more schools use cloud apps, such as Google Workspace, Microsoft 365, and others, the need to secure the communications and data in these apps increases. This was a trend that was beginning long before COVID-19 closed down school buildings, but the lockdown certainly turbo-charged it.
Unfortunately, few school districts realize that cloud security protections are needed to protect against a variety of cyber threats and internal exposure, including ransomware. As a result, ransomware threats from third-party apps, Google cloud ransomware incidents, and other types of cloud ransomware are on the rise.
Further, many IT teams assume that cloud vendors such as Google are protecting their data stored in their apps. This is just one of several cybersecurity myths that are harming schools, students, and security. But, SaaS/cloud vendors operate under a shared responsibility model in their licensing. This means that districts are responsible for protecting access to their data against cybercriminals. And, many districts aren’t prepared to do that.
It’s critical that schools take the threat of ransomware in the cloud seriously. Most schools are focused on protecting their perimeter—namely, their network—from intruders. And you should certainly continue to do so. But, the truth is that your Next-Gen firewall and your web content filter aren’t capable of fully protecting your district’s cloud domain from ransomware and other types of threats like account takeovers. Why?
On a basic level, once someone is able to breach your perimeter security layer, such as with a compromised or weak password or a click on a phishing link, it is far more difficult to detect unauthorized behavior in the cloud compared to on-prem environments, because cloud apps, storage, etc. aren’t hosted in your network.
There are steps you can take to protect your schools from ransomware attacks, including:
There are also some ransomware early warning signs that your team should be able to monitor for, detect, and remediate quickly—both in the cloud and on-prem. These include:
Education is extremely important. You need to educate yourself on the changing cybersecurity and cyber safety landscape to ensure that your plans keep pace with the latest strategies that hackers use. In addition, your community must be made aware of how essential their role is in keeping everyone safe. With everyone working together, your district has a much better chance of sending the hackers packing.