As technology becomes a mainstay in classrooms across the country, school districts find themselves increasingly exposed to threats and vulnerabilities in their information technology (IT) infrastructures. With the rise in students using school-issued or personal devices in the educational environment, cyber risks have amplified, leading to a significant increase in reported cyber incidents in schools from 2018 to the present.
The Shocking Rise in Cyber Danger
The past five years have seen a worrying surge in cyberattacks targeting schools, with reported incidents rising from 400 in 2018 to an accumulated total of over 1,300 by 2021. In 2022, researchers observed a 275% increase in ransomware attacks on overall education organizations, including a shocking 827% spike in attacks on K-12 schools.
Huge increases in education-targeted attacks were also seen, with encrypted attacks spiking 411% in 2022, and the number of IoT malware attacks rising by 146%. Cryptojacking attempts did not increase as dramatically in 2022, but it marks the second year in a row that growth continues, making it likely that these attacks will escalate in 2023.
Despite efforts to enhance cybersecurity measures, schools continue to be vulnerable to malicious threat actors. From the start of 2023, ransomware attacks disrupted school operations across the country. Several recent cases underscore the severity of these attacks and the disruption they can cause.
- In one Nantucket Public Schools case, a hacking incident forced an early dismissal after shutting down all student and staff devices as well as safety and security systems. The Superintendent directed that no school-issued devices should be used at home for fear of compromising home networks.
- Meanwhile, in Iowa’s largest school district, Des Moines Public Schools, IT staff had to take 71 buildings offline, including 63 schools and the virtual secondary school, to mitigate a ransomware attack’s impact. The subsequent restoration of servers, networks, and websites meant two days without schooling for approximately 30,000 students. Even when students returned, it was without internet access, and Wi-Fi was not restored until nearly 20 days later.
Fighting Back Against Cyber Attack
These incidents highlight the tactics of ransomware attackers, who use malicious software to encrypt victims’ files and block access to computer systems until a ransom is paid. Alarmingly, even after a ransom is paid, some threat actors demand additional payments, delete the victim’s data, or refuse to decrypt it. The exposure and danger involved underscores the importance of obtaining professional risk management protection for schools and other academic organizations.
The first step is to conduct a comprehensive risk analysis to identify areas of cyber vulnerability. ICC uses sophisticated technology to evaluate and reveal areas of vulnerability, a critical weapon in fighting against cyber threats. Importantly, this involves working directly with an advisor who will take a deep dive into your organization, dedicating a significant amount of time and resources.
As an example, an ICC risk management analysis might reveal that a school is using a seven-character password system. However, it is estimated that a seven-character password—even those including numbers, upper-case letters, lower-case letters, and symbols—can be cracked by a professional in just 31 seconds.
Many administrators are unaware that one of the key factors contributing to schools’ vulnerability is the inadequacy of password protection measures. Staying on top of evolving protocol and newly emerging cyber threats is a critical part of ICC’s role as a risk management advisor.
The next step is to develop a robust Response Plan and programs for addressing cyber threats that exist or may emerge. To follow through on the password example given above, a proactive plan would include the establishment of multi-factor authentication (MFA) combined with strong passwords to help prevent theft or unauthorized use of login credentials. Equipping IT infrastructures with advanced cybersecurity measures and fostering a culture of cybersecurity awareness among students and staff are other essential strategies.
Winning the Battle
With threat actors increasingly setting their sights on educational institutions, it’s clear that the fight for cybersecurity is being waged not just in boardrooms and government offices, but in classrooms across the nation. Given the formidable nature of cyber threats, it is crucial for schools to strengthen their defenses. By offering a combination of personalized attention, expertise, and advanced technology, ICC ensures the highest level of protection against cyber attack. As schools continue to navigate the digital learning landscape, cybersecurity must be a top priority, but with an ICC advisor who is specifically dedicated to your protection, you can keep students, staff, and school safe.
Sources:
Sonic Wall, March 2023, Data Shows Attacks on Schools Skyrocketing: https://blog.sonicwall.com/en-us/2023/03/sonicwall-data-shows-attacks-on-schools-skyrocketing/
Utica National Risk Management, June 2023, Staying Cybersafe: https://secure.uticanational.com/RulCov-1Vol2/Common/STAR%20Product%20Manuals/Loss%20Control%20Material/5-R-1447.pdf#msdynttrid=kEYcHUUoIY7h4B7YZVQl6eK0Zo_yxPcqxBde-pVVwLY