If the past several years have taught school districts anything, it’s this: Hackers love the education sector. They can’t get enough of it. In fact, most cyber criminals go out of their way to target unsuspecting public schools, launching attack after attack until inevitably they escape with hoards of sensitive information.
Don’t believe us? It’s true. According to a recent report released by the Cybersecurity & Infrastructure Security Agency (CISA), K-12 cyber attacks tripled between 2018 and 2021. If that doesn’t make you feel uneasy, nothing will.
So, what’s going on here? Where are these cyber threats coming from and why? And, most importantly, what can your district do about it?
In this blog, we’ll answer these questions and more as we get to the bottom of the K-12 cyber security crisis.
You might be surprised to learn that successful attacks aren’t new to the American school system. Actually, cybersecurity has been a growing problem for quite some time.
However, a recent wave of successful attacks have certainly sounded the alarm across the United States. Sadly, you don’t have to look very far for a few prime examples:
Of course, successful attacks have consequences. A recent Government Accountability Office (GAO) report found that cyber attacks caused significant monetary losses due to recovery resources and computer system downtime. In some cases, a single data breach can cost upwards of $1 million between replacing computer hardware and enhancing security.
Remember Des Moines Public Schools? After their data breach, the school district chose to significantly increase its cybersecurity budget. While on the one hand this could be considered a good thing, Des Moines is forced to cut back in other areas. In fact, the school district plans to reduce teaching staff by 2%, support staff by 5%, and central office staff by 5% — not exactly the best outcome.
The GAO also estimates that more than two million K-12 students have been affected by ransomware attacks. And, perhaps most pressing, loss of learning following an attack can last weeks, with full recovery sometimes taking as long as nine months.
As part of CISA’s landmark research into K-12 data security, the organization studied the most common threat vectors impacting the education sector. Here are the top five:
Don’t worry, there’s plenty your school system can do to get ahead of the cyber security curve and protect your students from cyber risk.
CISA’s report made three recommendations:
To that last recommendation, schools stand to benefit the most from adopting a layer of cloud security. Why? Because most school districts don’t have any to begin with. More than 90% operate in the cloud, but fewer than 20% allocate any of their budget to securing cloud-based data.
Luckily, that’s where Cloud Access Security Broker (CASB) comes into play. CASB is a cloud security tool that gives you more visibility and control over who accesses your cloud environment and how they use it.
Let’s say your district uses Google Workspace. If a student is downloading an unsanctioned application, CASB can instantly identify the app and student involved and jump into action. Or, if a teacher mistakenly attaches sensitive information to an external email, you can automatically flag the occurrence and mitigate the risk.
In sum, CASB allows you to automate threat detection, streamline risk mediation, and seamlessly protect your school district from numerous cyber threats.