Why have cybercriminals set their sights on schools? Financial gain is the most common motive. Schools store a wealth of personally identifiable information (PII) that can be stolen and sold on the dark web. And schools tend to process a relatively high volume of financial transactions, like paying school fees, over poorly secured networks. Ransomware attackers target schools because they know schools cannot remain offline for long. In 2020 alone, ransomware attacks affected nearly 1,800 schools, impacting more than 1.3 million students.
Ransoms ranged from $10,000 to over $1 million. But experts estimate that these attacks cost education institutions $6.62 billion in downtime alone. Most schools will have also faced huge recovery costs in their efforts to restore computers, recover data, and shore up their systems to prevent future attacks.
Financial gain isn’t the only motive. Vandals target schools for the notoriety or the thrill of disrupting a social mainstay. Hacktivists target schools and school board meetings with extreme political agendas. And disgruntled students are often just looking for a way to exact revenge or disrupt school. What all these attacks have in common is that it’s easy to breach the cyber defenses of underfunded school network security.
Technology changes are likely permanent
Modern education relies on technology. Digital classrooms, remote tutoring, web sites that host assignments, digital online libraries, and online parent-teacher engagement are all possible thanks to technology. More students have devices, and more teachers are using the internet to teach and communicate with students than ever before. And allowing some percentage of students to remotely attend hybrid classrooms is likely to remain a permanent fixture of many schools, even after the pandemic is over.
The government has made significant investment to connect students and anchor institutions during the pandemic, and those technologies are unlikely to be abandoned once life returns to normal. Schools not only need to be sure that students remain connected but need to ensure that they are securely connected.
Time to update E-Rate funding
Funding has historically been an issue, ironically made worse by the outdated focus of the E-Rate Program, which is run by the Federal Communications Commission (FCC). This has made it difficult for schools to keep up with the technology–and accompanying security–demands of our digital society. The FCC has a unique opportunity here and a recognized demand across the country to provide schools the flexibility to use funds to stay ahead of the growing cyber threat.
It’s clear that the E-Rate Program intends to include cybersecurity because a “basic firewall” has been an allowable expense since the policy was written in the late 1990s. But cyberthreats have evolved since then, and the need for more robust cybersecurity has advanced well beyond the capabilities of a basic firewall. Today’s digital security needs to address the variety of threats schools and students face while protecting the variety of technologies now in place at most schools. This must include devices used by remote students, who need them to ensure equal access to digital classrooms and online resources.
It’s time for the FCC to evolve its funding parameters to include the modern, advanced cybersecurity tools that schools need to combat today’s rampant and sophisticated attacks. Schools have both a desire and an obligation to protect the digital presence of students and teachers, and they must not be hindered from doing so by a lack of funds. As the digital landscape shifts to include hybrid learning long-term, children and their data are worth protecting.
- 5 ways to make way for science in an ELA and math world - March 20, 2023
- Addressing the digital divide’s effects on education and the workforce - March 20, 2023
- 3 ways to engage students in productive struggle - March 17, 2023