Since the beginning of the pandemic, schools and universities have been the #1 target for cyberattackers. We talk through the reasons why, the data security solutions schools need to prevent cyberattacks, and how we helped one public school secure their data landscape.
Over 18 months into COVID-19, both K-12 schools and higher education institutions continue to grapple with its effects. In the midst of the pandemic, another risk looms — cyberattacks.
Schools and universities have been the #1 target for cyberattackers throughout the pandemic (Sandle, 2021). The fallout from a cybersecurity incident has staggering repercussions – time wasted, money lost, reputations tarnished, and privacy exploited for the school as well as its students, parents, faculty, and staff.
In this blog, we discuss the increase in education cyberattacks, what can be done to increase cybersafety in schools, and how we helped one public school secure its privacy and data protection:
Why are cyberattacks increasing in schools?
The rise in cybersecurity incidents in schools can be attributed to a confluence of factors:
- Many types of attacks. From denial-of-service or distributed-denial-of-service attacks that shut down websites to school employees and students clicking on false phishing emails or malware downloads that look legitimate, these are the types of cyberattacks launched at schools.
- Attractive information. Similar to the financial services and healthcare sectors — there’s an incredible amount of high-monetary, high-intelligence information at stake in education, including financial (including bank accounts and credit card numbers), health, and personal details.
- More tech, less control. The transition to a 100% virtual learning environment opened the door for bad actors. Phishing, already the cause of 90% of school cyberattacks pre-pandemic (Castelo, 2020), skyrocketed with the dependence on unsecured devices and vulnerable cloud-based platforms.
- Lack of cybersecurity funding and staff. Schools and universities often lack the funds for cybersecurity software and expertise. The person “in charge” of cybersecurity at a school is often the head of a school’s entire IT efforts – making it hard to practice proactive cybersecurity.
These factors play into some of the most recent high-profile cyberattacks in schools:
- Howard University was forced to cancel all online and hybrid undergraduate classes immediately after returning from the long Labor Day 2021 weekend — a ransomware attack compromised its network and rendered the school’s Wi-Fi network unusable.
- University of California (UC) learned it had been the subject of a cybersecurity attack in April 2021, when an unauthorized individual copied and transferred UC’s files, exploiting a vulnerability.
- Broward County Public School District, the sixth-largest U.S. public school district, was hacked by the international malware group Conti. The district refused to pay the $40 million ransom — causing the hackers to release nearly 26,000 stolen records.
What can be done to increase cybersafety in schools?
Even as cybersecurity is becoming a priority for schools, there’s still the question of staffing and expense. Even with a cybersecurity technology and expert staff, you’re still hunting the threats as opposed to stopping them. The key is a machine-learning-driven, extended network detection and response (X-NDR) security orchestration, automation, and response (SOAR) platform, like our CyberSafety CC/B1 Platform™. The CC/B1 Platform can predict, anticipate, and block threats by:
- Applying multi-layer security algorithms at top speeds
- Collecting threat-related data from all corners of a network and streamlining them for a clear picture of an organization’s data landscape
- Acting as a “risk-aware engine” that proactively inserts security code, alerting the district’s technology of an attempted breach of data privacy
- Stopping the attack in zero-second accuracy, with zero-threat accuracy
Recently, we had the chance to work with a K-12 public school district that found itself in a precarious cybersecurity situation. The district had 9,000 students across 13 districts, 4,000 computers, and disparate systems that weren’t protected equally, opening them up to risk.
The district’s IT staff installed the CC/B1 Platform on a 60-day trial to identify existing vulnerabilities, and chose a configuration that includes filtering, intrusion protection, and anti-spam — and saw results almost immediately. After the trial, the platform was further rolled out to protect instant messaging, peer-to-peer file sharing, IP video for multiple locations and access points throughout the district, and all network routers and switches.
At CloudCover, we’re making the internet safer one network and device at a time — especially for schools and universities. Learn more by downloading our education case study at https://cloudcover.cc/education/.
References:
Castelo, Micah (June 17, 2020). “Cyberattacks Increasingly Threaten Schools — Here’s What You Need to Know.” EdTech Magazine. https://edtechmagazine.com/k12/article/2020/06/cyberattacks-increasingly-threaten-schools-heres-what-know-perfcon
Sandle, Dr. Tim (September 24, 2021). “The threat hanging over back to school: Howard University cyberattack.” Digital Journal. https://www.digitaljournal.com/tech-science/the-threat-hanging-over-back-to-school-howard-university-cyberattack/article