If the past several years have taught school districts anything, it’s this: Hackers love the education sector. They can’t get enough of it. In fact, most cyber criminals go out of their way to target unsuspecting public schools, launching attack after attack until inevitably they escape with hoards of sensitive information.
Don’t believe us? It’s true. According to a recent report released by the Cybersecurity & Infrastructure Security Agency (CISA), K-12 cyber attacks tripled between 2018 and 2021. If that doesn’t make you feel uneasy, nothing will.
So, what’s going on here? Where are these cyber threats coming from and why? And, most importantly, what can your district do about it?
In this blog, we’ll answer these questions and more as we get to the bottom of the K-12 cyber security crisis.
School Cyber Attacks: A Growing Threat To Your Data
You might be surprised to learn that successful attacks aren’t new to the American school system. Actually, cybersecurity has been a growing problem for quite some time.
However, a recent wave of successful attacks have certainly sounded the alarm across the United States. Sadly, you don’t have to look very far for a few prime examples:
- Los Angeles Unified School District (LAUSD): In late 2022, a ransomware gang known as Vice Society launched a ransomware attack against LAUSD, the second-largest school district in the United States. The attack was devastating. After district officials refused to pay the ransom, Vice Society leaked over 500GB of personal data.
- South Redford School District: A September 2022 cyber attack forced South Redford School District to cancel classes for multiple days after a staff member clicked on a malicious link. Luckily, student data remained safe and sound.
- Des Moines Public Schools: In January 2023, Iowa’s largest school district suffered a similar ransomware attack that forced the school to cancel classes. Not only did hackers escape with personal data, but Des Moines Public Schools was still struggling to recover from the attack even a month after the incident.
Of course, successful attacks have consequences. A recent Government Accountability Office (GAO) report found that cyber attacks caused significant monetary losses due to recovery resources and computer system downtime. In some cases, a single data breach can cost upwards of $1 million between replacing computer hardware and enhancing security.
Remember Des Moines Public Schools? After their data breach, the school district chose to significantly increase its cybersecurity budget. While on the one hand this could be considered a good thing, Des Moines is forced to cut back in other areas. In fact, the school district plans to reduce teaching staff by 2%, support staff by 5%, and central office staff by 5% — not exactly the best outcome.
The GAO also estimates that more than two million K-12 students have been affected by ransomware attacks. And, perhaps most pressing, loss of learning following an attack can last weeks, with full recovery sometimes taking as long as nine months.
Top 5 Cyber Threats
As part of CISA’s landmark research into K-12 data security, the organization studied the most common threat vectors impacting the education sector. Here are the top five:
- Data breach: A data breach can involve a malicious cyber threat infiltrating your school district, but it can also include students unwittingly exposing personal data. By CISA’s estimate, this is by far the top threat districts faced between 2016 and 2021.
- Ransomware: As the name suggests, a ransomware attack involves a ransomware gang gaining or blocking access to your sensitive information, refusing to relinquish it until a ransom has been paid.
- Email compromise: Hackers often target login credentials, such as an email address, because it affords them access to other information systems. Many cyber criminals use phishing as a way to obtain login credentials from unsuspecting students. This means they impersonate a known or trustworthy source to fool the victim into sharing personal data.
- DDoS: Distributed-Denial-of-Service attacks are designed to bring key applications and computer systems offline by overflowing them with traffic.
- Video conferencing invasion: Although more prevalent during the pandemic when virtual learning was the norm, hackers still attempt to disrupt digital classroom sessions. Why? Sometimes just for laughs, other times they’re cracking their way through one system into another.
What Can Your District Do?
Don’t worry, there’s plenty your school system can do to get ahead of the cyber security curve and protect your students from cyber risk.
CISA’s report made three recommendations:
- Apply for the State and Local Cybersecurity Grant Program, use free or low-cost services to make immediate improvements, and call for edtech providers to adopt strong security controls at no additional cost. According to CISA, many districts simply don’t have the funds to enhance cyber security effectively. Grant programs and cost-efficient services are great resources when it comes to making a big improvement without draining your budget.
- Join collaboration groups like the MS-ISAC (Multi-State Information Sharing and Analysis Center) or K12 SIX (Security Information Exchange) and build relationships with cyber security professionals. As CISA puts it, educational institutes don’t exist on an island all to themselves. Collaboration is key to building awareness and resilience.
- Put the highest priority controls in place, invest in cybersecurity however possible, and make a long-term security plan. CISA says that leaders should take a more proactive approach and leverage security investments that focus on their biggest vulnerabilities. Small steps, such as implementing multi-factor authentication, can lead to bigger initiatives. That said, all schools should have a long-term roadmap for creating a stronger data security program.
To that last recommendation, schools stand to benefit the most from adopting a layer of cloud security. Why? Because most school districts don’t have any to begin with. More than 90% operate in the cloud, but fewer than 20% allocate any of their budget to securing cloud-based data.
Luckily, that’s where Cloud Access Security Broker (CASB) comes into play. CASB is a cloud security tool that gives you more visibility and control over who accesses your cloud environment and how they use it.
Let’s say your district uses Google Workspace. If a student is downloading an unsanctioned application, CASB can instantly identify the app and student involved and jump into action. Or, if a teacher mistakenly attaches sensitive information to an external email, you can automatically flag the occurrence and mitigate the risk.
In sum, CASB allows you to automate threat detection, streamline risk mediation, and seamlessly protect your school district from numerous cyber threats.