Think cybersecurity won’t or can’t impact you?
Well, you would be wrong.
The number of cyberattacks only continues to grow. Virtually every business you can think of has been hit: cybercriminals have targeted the pipelines we rely on for oil and gas, the hospitals we turn to in times of need, even the social media companies where we connect.
Nowhere is this more true than in our schools.
Just this past September, the Los Angeles Unified School District (LAUSD), the second largest in the country, announced it was the victim of a ransomware attack, with cybercriminals infecting the district’s computer networks, locking up files, and stealing data. In early October, the attackers followed through on their threat to release the stolen data if a ransom was not paid.
LAUSD is far from the only district impacted. One cybersecurity firm reported that this was the 50th attack on US schools this year. Ransomware attacks are particularly common cyberattacks in school districts because schools are chronically underfunded and understaffed to respond to cyber events. Ransomware is designed to encrypt all systems and devices, ultimately forcing some services to shut down. The cost of paying the ransom may be cheaper than getting the system up and running again, so the payoff to criminals is almost certain, and the likelihood that attacks will continue is almost guaranteed.
This raises the question: what should school districts be doing to protect themselves?
It comes down to three steps: Protection, Detection, and Response.
The vast majority of breaches are crimes of opportunity, so closing defensive gaps and having the right solutions such as Multi-Factor Authentication (MFA), Email Security, and Endpoint Management solutions in place is the best first step. More importantly, keep all the technology you already use current. Vendors will keep their solutions updated to respond as cybercriminals change their infiltration methods and become more sophisticated in their attacks. School districts should continuously invest to keep technology current. Delaying refreshes could leave them vulnerable.
They should also focus on the services that are most critical. If there is an attack, which of these services needs to stay up and running? Consider bus scheduling, online or on-premises learning systems, and payroll. Make sure these services and any systems that house personally identifiable information are protected with access controls like MFA, and limit administrative access to a small, well-trained few.
Lastly, and this will be a frequent theme, cybersecurity isn’t any one person’s job, and school districts certainly don’t have to navigate this minefield alone. They should invest in year-round cybersecurity training for everyone: staff, students, parents, administrators, and technology support staff. In fact, organizations with strong people, processes, and technology see a 3.5 times performance increase in their detection and response outcomes. To do this, they can partner with federal, state, and local governments to apply for funding to support cybersecurity efforts.
At the federal level, the Biden Administration signed the “K-12 Cybersecurity Act” last year. This law requires the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to team up with the Federal Bureau of Investigation (FBI) to investigate all attacks in K-12 schools. The bill also requires these agencies to produce comprehensive cybersecurity toolkits in an effort to help educate school IT professionals, teachers, faculty, and students.
If an attack does break through protections, it should be detected and identified. Again, this doesn’t have to be done alone. The Center for Internet Security Multi-State Information Sharing and Analysis Center is a great resource to receive real-time threat information. Data indicates that teams who use threat intelligence are twice as likely to report strong detection and response capabilities. After all, it is a lot easier to detect a threat if you know what you’re looking for. Teams also need security that is integrated throughout a school’s connected systems. You can’t respond to threats you can’t detect, so a good place to start is a strong extended detection and response (XDR) solution that enables teams to monitor and identify potential issues.
School systems practice drills for physical campus threats, severe weather threats, and potential fire dangers. They should also be practicing for cyber incident responses using Incident Response playbooks. Strong data backup strategies can help minimize downtime from things like ransomware attacks, while having mobile device management (MDM) capabilities can enable schools to quarantine or completely wipe compromised devices.
A third time – just for good measure – school districts aren’t in this alone. Cyber insurers, the FBI, state response groups, and the private sector all have a role to play in supporting how school districts respond to cyber emergencies. The specific strategies employed will vary based on the capabilities and maturity of the school’s security program.
Creating a Plan
No industry is immune to cybersecurity threats. Schools must protect student data and maintain critical services that serve a vulnerable population. Working with trusted security providers to create a plan that prevents, detects, and responds to cyberattacks is more important than ever.