How Education CIOs Can Prepare for Ransomware and Cyberattacks
Cybercriminals continue to target kindergarten through twelfth grade (K-12) educational institutions at high rates, a trend that the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) expect to continue. As threat actors aim to exploit vulnerable institutions, education IT teams must explore ways to safeguard networks and systems while relying on limited resources. The question is no longer if an attack will happen. Rather, it’s when. Learn how to prepare your district for ransomware and cyberattacks.
Increased Risk to the K-12 Educational Technology System
Even before the new school year began, cybercriminals were planning attacks. Check Point, a cybersecurity solution provider, found “over 35,149 new domains were registered around the back-to-school theme.” The standard average is 115 suspicious domains per week, but near the end of July and the beginning of August, malicious domains jumped to 356.
Once school began, “The average number of weekly attacks per organization in the academic sector in July-August increased by 30% from 468 to 608 when compared to the previous two months.”
Furthermore, MS-ISAC data shows that 57% of reported incidents in August and September involved K-12 schools, versus 28% of all ransomware incidents in the previous months. However, hackers can be in your network for weeks or months before launching a full-scale attack.
Why Cyber Threats are Rising
Cybercriminals understand the unique challenges faced by K-12 education IT teams and work to exploit these vulnerabilities. A shift to distance learning widened security gaps and complicated the role of IT professionals.
As the use of remote desktop protocols and online collaboration tools rose, so did cybercrime. Absolute, an endpoint security provider, notes that “ransomware accounts for approximately 80% of malware infections in education, up from 48% in 2019.”
Moreover, Absolute reveals, “72% of devices are running operating systems two or more versions behind—rising to 81% for machines running Chrome OS. 46% of schools reporting at least one device using rogue or non-authorized VPN or web proxy applications.”
Ransomware and cyberattacks target educational institutions for many reasons, including:
- Greater attack surface and new attack vectors
- Increase in student data
- IT teams stretched thin
- More open and exposed ports
- Limited IT resources
- Reliance on remote technologies
- Employee or student errors
- Missing or unaccounted for devices
- Use of end-of-life software
How Threats Impact Schools and Students
A cyberattack can shut down all of a district’s networks and affect the main tools used to communicate with students and parents. Recent attacks affected the online learning system Canvas and prevented the use of Skyward, a platform for tracking attendance and sharing information with parents. Cyber hacking and malicious attacks:
- Put student data, including personal identity information, at risk
- Disrupt the educational process
- Affect student learning
- Limit access to networks, files, and communication systems
- Force staff and students to use personal devices
- Threaten compliance with regulations, such as the Family Educational Rights and Privacy Act (FERPA)
Types of Cyber Threats
According to the FBI, K-12 schools using remote desktop protocol experienced increased ransomware attacks, namely through the Ryuk ransomware. The number of denial of service (DoS) attacks and distributed denial of service (DDoS) attacks also grew.
The most common ransomware variants and other cyber threats that disrupt learning and negatively affect children consist of:
- Ransomware: Malicious programs encrypt files, demand money, and may threaten to share data online. The most used variants include Ryuk, Sodin, Maze, Nefilim, and AKO.
- Trojan: A type of non-ransomware malware created to steal, disrupt, or damage network files and data. ZeuS affects Windows, and Shlayer is a macOS trojan.
- Zoombombing: The appearance of an uninvited person in a Zoom meeting that disrupts the class.
- Cyberbullying: Bullies use electronic communication to harass people by sharing harmful or mean information about a person online.
- Phishing: An attempt to steal credentials or credit card data using an email, attachment, or link that looks like it was sent from your school or another trusted institution.
Although money is certainly a driving factor behind cybercrime, many hackers aim to exploit children by gaining personally identifiable information. Some use the data to access a child’s credit, while others scope out kids for more nefarious purposes.
Schools Affected by an Uptick in Educational Cybercrime
Hundreds of K-12 schools suffered attacks leaving them without access to e-learning systems and forcing school closures. Armor, a cybersecurity software provider, reported 17 districts with 284 schools faced ransomware attacks between January 1 and April 2020. In contrast, only eight school districts and colleges experienced similar attacks in 2019.
Cybercriminals attacked educational systems across the United States, such as:
- Baltimore County Public Schools (BCPS) suffered an attack before their Thanksgiving break that kept schools closed until early December.
- An attack hit the IT systems of Fairfax County Public Schools (FCPS) in Virginia during the first week of the school year.
- Miami-Dade County’s first days of virtual classes were disrupted by a series of Distributed Denial-of-Service attacks orchestrated by a local high school student.
- In Montana, Ryuk ransomware required Havre Public Schools to shut down all of its district computer systems.
How to Prepare for Ransomware and Cyberattacks in K-12 Education
With the fast pace of criminal activity, education IT teams need a multi-level approach. The method must recognize, measure, prioritize, and improve security. With a proactive strategy, you can build resilience by hardening services and systems.
Perform Regular Risk Assessments
Frequent risk assessments performed by internal and third-party providers can boost awareness and expose potential vulnerabilities. Audits and penetration testing keep you on your toes and ensure you’re using best practices to elevate endpoint security.
For instance, security flaws in learning software may stem from plug-ins or add-on capabilities. In addition, threat actors may use Google Hangouts and Apple iMessage to deliver phishing campaigns. Overall, Windows devices experience more threats than other devices and services, such as Chromebooks or iPads.
Implement Comprehensive Cybersecurity Solutions
Neutralize ransomware threats by developing multiple layers of protection and detection. An all-in-one security solution can simplify tasks by centralizing management processes. However, you’ll want to map out all vulnerabilities and note the action taken to harden them.
Educational cybersecurity best practices include:
- Endpoint protection: Antivirus and antimalware tools protect, detect, and respond to threats on desktops, laptops, and mobile devices.
- File integrity monitoring: Use a software tool that looks for changes to operating system and application files.
- Internet protocol (IP) monitoring and blocking: Proactively block new and upcoming threats from bad actors and infrastructure.
- Attack surface: Obtain control over all applications, data, peripherals, and network traffic to limit the attack surface.
- Patch management: Develop a plan for timely and consistent patching of operating systems and software platforms. Use automation where possible.
- White-listing: Create a list of approved processes and applications for faculty, students, and administrators.
- Least privilege access control: Only give users standard access to programs and services required to complete schoolwork.
- Mobile device management (MDM): Track all school-owned mobile devices, create security rules for downloading applications, and use MDM software to erase devices remotely.
- Firewall: Use a next-generation firewall with application filtering, virus and malware protection, and intrusion prevention.
- Network access control (NAC): Enable NAC to ensure devices meet security requirements and authenticate users before joining your network.
Create a Ransomware Incident Response Plan
A ransomware response plan reduces learning downtime while eliminating confusion about what to do or who does what. Your crisis team should include IT, district, and department leaders. Along with a reporting and action plan, leaders should:
- Map your IT infrastructures
- Determine your critical systems and data
- List actions to contain attacks and limit damages
- Plan for remediation efforts to restore encrypted files
- Outline your sterilization actions
- Describe how you’ll immunize other surfaces
Once you have a plan, don’t wait to implement it. Test it immediately and schedule drills regularly. For the quickest response, assign individuals to various tasks.
Have a Contingency Plan Ready
Whether a platform is down or your network is compromised, a communication plan is essential. As part of your test runs for ransomware incident response, ask your faculty to review their preparations. Ensure students receive a copy of your backup strategy and clearly communicate expectations. Consider:
- How teachers can access class rosters and updated contact information
- Procedures for switching to personal devices and services
- Your communication protocol for contacting students
- Policies for scheduling make-up assignments and tests
- Alternative platforms for homework submissions
Ensure Automatic Data Backups
From student emails to education-critical data, regular and secure backups reduce disruptions. Enlist the help of third-party services to automate the process and alert you to data abnormalities. Your backup plan should:
- Connect all school-issued devices to an automatic and remote backup system
- Keep multiple backups of critical applications, data, and platforms
- Save an offline data backup that is password-protected and air-gapped from the internet
- Be tested frequently to guarantee accessibility and data completeness
Develop a Security Awareness Training Program
Tailor your approach to security awareness and training by designing programs for faculty, parents, and students. Start by outlining potential risks to each group, then provide the warning signs of various types of attacks and cyber hygiene best practices.
Use videos, infographics, and online game-based platforms to create engaging presentations that explain your policies while instilling awareness. Educating students, parents, and faculty isn’t only about protecting your school. It’s a vital life lesson that helps individuals keep themselves and their data safe.
Safeguard Your School’s Networks, Systems, and Data
Threat actors exploit the vulnerable, and right now, educational technology systems are a tempting target. Although cybersecurity is a massive endeavor, your technology partners can alleviate some of your burdens and help you develop a comprehensive solution.