Schools are an attractive target for cybercriminals
Schools are not only likely to pay a ransom to swiftly continue their operations, but also hold student records, which can sell on the dark web for a lot of money.
The number of cyberattacks on K-12 schools has been steadily increasing over the past five years. According to Bloomberg, while in 2016 US schools experienced only 69 attacks, in 2020, that value skyrocketed to 408. Experts suggest that the estimated number is very general and can, in fact, be 10-20 times higher. During the continuous stage of remote learning, educational facilities suffered from over 5.8 million malware attacks, with 44% of the world’s institutions affected.
Charlie Sander, Chairman & CEO at ManagedMethods, which allows K-12 IT teams to easily identify cybersecurity risks and cyber safety signals in district Google Workspace and Microsoft 365 accounts, talked to us about the company’s approach to keeping schools safe.
How did the idea of ManagedMethods come about?
K-12 education was quickly becoming heavily dependent on the cloud, as schools began using Google’s cloud collaboration applications in the early 2010s. This still holds true today as school districts are more committed to the cloud due to the productivity and collaboration offered by Google Workspace and Microsoft 365.
Seeing this trend, I joined my co-founders at ManagedMethods in 2014, with a mission to help make schools safer. ManagedMethods does so by making Google Workspace and Microsoft 365 cloud security and safety easy. Our platform provides a centralized command center for district IT teams to manage the cybersecurity and student safety risks that may exist in their cloud environments.
We help make it possible for school districts to realize the productivity, collaboration, and classroom learning benefits that cloud applications provide, without exposing students and staff to the security and safety risks impacting K-12 education today.
Besides providing cloud security, ManagedMethods also takes physical safety into account. What tools do you use, and which red flags do you keep an eye out for?
Our team has put a significant amount of effort into developing ManagedMethods Signals, the K-12 education industry’s leading AI technology for student cyber safety monitoring.
ManagedMethods Signals monitors a school district’s Google Workspace and Microsoft 365 accounts for red flags such as cyberbullying, self-harm, discrimination, threats of violence, explicit content, and more. These red flags are often hidden in text and images that exist in emails, documents, and files stored on cloud drives provided by school districts.
Cybersecurity is a critical part of making schools safe. With students now spending more time online during school hours, we’re proud to see our Signals feature making a positive impact in detecting these signals early on to help protect students and staff—online and offline.
What do threat actors usually try to gain by accessing school information systems?
Similar to organizations in other industries, threat actors targeting school information systems are seeking financial gain. Cybercriminals aim to get that financial gain by stealing sensitive data on the thousands of students and staff that school districts contain. Furthermore, the personally identifiable information (PII) of students tends to sell on the dark web at a higher cost. This is because student records have yet to be used, given they are still minors, which can make it easier for criminals to use in identity theft and other fraud schemes.
Additionally, what are their attack methods when compared to other industries?
The tactics threat actors are using against education, for the most part, are the same ones other industries are facing. Mass email phishing campaigns, targeted social engineering schemes, and malicious attachments are the most common tactics used to gain access to a school district’s information.
Threat actors target teachers, staff, and students in these campaigns to get them to open an attachment or click on a phishing link. If someone in a school district happens to do so, then that school account is compromised, and the attacker can further spread the phishing and malware throughout the school district’s environment. This results in the ransomware and data breach incidents against school districts that have been reported so often in the news recently.
K-12 education has a culture of sharing and accessibility. This allows students the freedom to learn, ask questions, and collaborate with teachers and classmates on schoolwork. However, it’s this same culture that puts school districts at risk.
Recent cyber incidents have also shown that K-12 education may be more likely to pay a ransom following a ransomware attack. If a school district is shut down because they can’t get access to their systems, then students aren’t able to learn. Because of this, school districts aim to get back online as quickly as possible and may pay a ransom to do so.
More organizations move to the cloud, but myths around this technology are still persistent. What misconceptions do you run into most often?
In K-12 education especially, there are a few myths I often hear when talking with district technology administrators. The most common myth is that the cloud provider is securing their data, which couldn’t be more wrong. School districts believe that they are covered with Google and Microsoft—the two primary providers in K-12 education.
In reality, it’s on the districts themselves to ensure the data they store is secured as part of a “shared responsibility” model. District technology administrators need to make sure their settings are properly configured, investigate suspicious activity, and remediate any incidents that take place within their cloud domain—not the provider.
Another misconception is that securing their network is all the cybersecurity measures they need to be protected. While this may have been the case five years ago, the learning environments school districts are in look completely different. Since the start of the pandemic, the security perimeter in K-12 education has vanished.
The widespread move to the cloud by school districts means most of the data school districts store now exists outside those traditional security perimeters. Yet, district administrators continue to believe all their bases are covered with network security alone.
How did the pandemic affect the state of cybersecurity in schools?
Going back to the misconception I mentioned a bit ago, the pandemic made the cybersecurity risks that come with operating in the cloud more apparent to district administrators. In terms of security risks, I wouldn’t say that any new ones came into the picture per se. School districts still face phishing, malware, ransomware, and more. However, school districts lost most—if not all—of their visibility into student, teacher, and staff online activity. This is because more access now comes from home networks or other networks not managed by the district itself.
What this means is that district IT teams can no longer rely on firewalls, antivirus and anti-malware solutions alone. More widespread use of the cloud with apps such as Google Workspace and Microsoft 365 is forcing districts to transition from protecting their network perimeter to safeguarding their data, regardless of where it is located.
The risks school districts face today existed before the pandemic started, but they are now more apparent to administrators. As a result, we are starting to see K-12 education as a whole take a closer look at the recurring threats that the cloud and remote learning create. But it will take more support from the government to make a larger impact across the industry.
You recently published a K-12 Cloud Security Survey Report. What were the key findings?
That’s correct. ManagedMethods recently published our latest report, which identified some alarming gaps in K-12 cloud security. Our survey found that while over 90% of school districts are operating in the cloud, half of the district-level administrator respondents said they do not have a cloud security system in place to protect the data stored in their cloud applications.
The report also found that 60% of district administrators are confident in the privacy and security of the data stored in their cloud applications. Further, 37% are not concerned when it comes to data breaches or leaks. This came somewhat as a surprise since threat actors continue to target school districts because of the treasure trove of student data they hold.
Additionally, district administrators seem to be unaware of cloud file storage and sharing security risks. 31% of respondents did not know if their cybersecurity platforms monitor the risk level of the files that are shared outside of the district’s domain. 28% reported not knowing the risk level of the files that get uploaded into their cloud drives or who has access to those files.
It’s clear there are some misunderstandings district administrators have when it comes to cloud application security. This report showed that school districts are under-protected against cyberattacks aimed at the data in their cloud applications. It’s our mission to help them fill those gaps to make schools safer for students, teachers, and staff.
Ensuring cybersecurity in the age of remote learning is no small feat for schools. Is there anything that should be done outside the technology department?
Indeed, the new learning environments schools find themselves in have shown district administrators that cybersecurity needs more attention and budget. For school district technology departments, cybersecurity is consistently named the top priority but the risks continue to be underestimated.
For those departments outside of technology and for students, it is important to continue educating everyone about the cybersecurity risks. Students and staff are the first lines of defense when it comes to protecting against a cyber threat. With more education on what good cyber hygiene looks like and what phishing tactics threat actors use, students and staff can better spot an attempted attack and not fall for it.
To improve the cybersecurity defenses of those outside the technology department, school districts need to have the support of the administration as a whole. This goes back to the culture of education—openness and accessibility. Administrators need to consider adding additional security measures to keep schools safe. Because even if it hinders accessibility a little bit, it can go a long way in protecting everything school districts store in the cloud and preventing a future cyber incident.
Share with us, what’s next for ManagedMethods?
We have a few initiatives in the works at ManagedMethods we believe will help further our platform as the leading cybersecurity, student safety, and compliance platform in the K-12 education industry. Without giving too much away, we’re currently focused on expanding to cover more Google and Microsoft applications within the ManagedMethods platform. This will help offer more protection as the number of apps used in the classroom increases.
Stay tuned for what’s to come from ManagedMethods in 2022!
by Anna Zhadan, cybernews