K-12 cybersecurity report identifies a new class of school cyber incidents
Over the past few weeks, we’ve talked about a number of topics that are covered in the third annual report, State of K-12 Cybersecurity: 2020 Year in Review, published by Doug Levin, who is the national director of the K12 Security Information Exchange (K12 SIX). We’ve covered topics that appear in the report such as school vendor security and K-12 ransomware. This week, we’re exploring the connection between K-12 cyber safety and security.
The 2020 Year in Review report identified a new class of school cyber incidents: virtual class invasions and related disruptions. This new classification of incident is included in the “Other” category, which represents 45% of the total cyber incidents that were reported for the year. These classroom disruption incidents, popularly referred to as “Zoombombing” represent a large portion of the incidents in the Other category.
Are Cyber Safety and Security Related?
This new category of cyber incidents makes it clear that cyber safety and security are related. Student cyber safety is a big issue for districts across the U.S. Students need to be protected from threats on the internet, and their data needs to be secured in order to meet a variety of regulations including CIPA and FERPA.
When cybersecurity breaks down at the school and district level, we saw these “Zoombombing” incidents threaten student cyber safety and wellness in the form of hate speech, shocking and explicit images, threats of violence and more by often unknown users. In his report, Levin classifies these types of incidents that can be described as:
Class Invasion: Breaking into remote learning sessions
Meeting Invasion: Breaking into public school board meetings, or other community meetings such as PTA meetings and orientation sessions
Email Invasion: Compromising a district’s email system to send bulk emails
It’s true that many of the class invasions took place while schools were using Zoom or Google Meet for remote learning. But, the 2020 Year in Review report warns that these incidents need to be viewed as a broad security challenge related to the use of synchronous communication tools to enable remote learning and meetings.
In fact, the Department of Justice was so concerned about these incidents that they published a press release to warn cybercriminals against teleconferencing hacking. They listed significant penalties for anyone mounting this type of attack. Unfortunately, the K-12 Cyber Incident Map revealed four times as many class invasions in the second half of 2020 as compared to the first half.
These attacks resulted in threats to students and families, demands for payment, class cancellations, and some school closures. The attacks disrupted and canceled school board meetings, disrupted email services, and exposed school children as young as kindergarteners to the shocking images and speech spewed by the hackers.
Why Cloud Monitoring is Critical for School Cyber Safety and Security
Traditional cybersecurity tools are no longer enough to combat the types of K-12 cyber safety and security threats that are happening today.
Web content filters won’t stop the type of invasions that cybercriminals are using. There are also firewall concerns because cybercriminals are getting around firewalls to access data and communications in the cloud. In today’s learning environment, cloud monitoring is critical.
Even as schools are bringing education back to the classrooms, IT teams are faced with challenges such as:
- Devices that have been connecting to unmanaged networks for months now must be incorporated back into district networks.
- A new form of ransomware in the cloud that can attack cloud data and communications in commonly used apps, including Google Workspace and Microsoft 365, among others.
- Cybersecurity essentials aren’t available in every district, leaving them vulnerable.
- The need for a more advanced, multi-layered cybersecurity infrastructure, using a tool such as the K-12 NIST Cybersecurity Framework.
School doesn’t just happen in buildings anymore. Students, faculty, and staff are using technologies to improve learning and work efficiency. But these new technologies need to be properly secured.
The Zoombombing incidents that took hold of schools in 2020 followed by the rash of ransomware attacks in the latter half of 2020 and continuing to today have served one good purpose. They’re shining the light on a struggle that district IT leaders have been quietly fighting, often on their own. That K-12 cyber safety and security are critical to keeping our students safe.