School Cybersecurity Strategies as Ransomware Attacks Hit 56% of K-12

Editor’s Note: In the above video, Sai Huda’s company was incorrectly shown as “CyberCash.” The correct company name is CyberCatch, which is reflected in the write-up below.

Ransomware attacks are one of the biggest threats on the radar to businesses, from healthcare to QSR, especially since the several high-profile attacks in the last year. One of the most at-risk industries is education; primary school and colleges have been heavily impacted by ransomware threats as they often don’t have the infrastructure to stop or prevent attacks. It appears this gap between attacks and appropriate responses is only growing. A recent Sophos report conducted in February 2022 found that attacks are up across all of education, with 56% of K-12 schools and 64% of higher education institutions reporting a breach in 2021. This is up from 44% of the entire sector being affected by a ransomware attack in 2020.

“The reason why [schools] are in the line of sight is because these education institutions normally have vulnerabilities that can be easily exploited,” said Sai Huda, Founder and CEO of CyberCatch. “They have data and they would have a significant impact from a ransomware attack, let alone a data theft.”

If the Sophos report is any indication, the problem is only getting worse and schools need to invest in the right tools to protect themselves from future hacks. Experts explained that most educational institutions don’t make cybersecurity a priority, and attackers have caught on. The Sophos report reflects this; out of all the sectors studied, “education is the sector least able to stop data being encrypted in an attack,” with higher education reporting the highest data encryption rate at 74%. Hackers understand it’s fairly easy to access ransomable information from schools.

“The data is valuable because it is data about the students, about their parents and families, if they are a higher education institution, they may have research data that is of value to the attackers,” Huda said.

Schools therefore need to build the infrastructure and invest in a variety of resources to prevent their data from being leaked. While doing this can be timely and expensive, it’s likely less expensive than the average $1.5 million it cost educational institutions to retrieve ransomed data.

“[Schools should] get security advice from outside experts as there are organizations and individuals that will provide that on a pro-bono basis,” said Dave Cunningham, Senior Case Manager at Alvaka Networks.

Cunningham also mentions that educational organizations need to realize that there are different levels of security measures and they need to make sure they are implementing one that is high-caliber, proactive and responsive.

When a cybersecurity threat does happen to a school, the Sophos report found it takes them longer to address and stop the issue, usually because there aren’t specific staff members on hand that are trained to deal with this issue. This can amount to months on months of data being held hostage; higher education reported the slowest recovery time from a ransomware attack among all studied sectors, according to the Sophos report. It then costs taxpayers millions of dollars to satisfy the demands of the attackers.

While there are insurance companies that offer cyber liability insurance, it’s just now becoming a more popular solution and is not yet widely adopted. Educational institutions are reported to have below-average cyber insurance coverage, clocking in at 78% while the global average rests at 83%.

Hackers have recently taken on a double-extortion attack method where they not only hold sensitive data hostage under threat of public release, but they lock schools out of their systems all together until a ransom is paid, which includes access to admissions, enrollment, and school records.

The pandemic also opened up a lot of doors for hackers, as daily work projects and communications were suddenly conducted online and often done insecurely. Schools in particular were an easy target and collectively suffered a huge financial loss, upwards of $3.5 billion in 2021.

There are many ways that schools can try to protect themselves from cybersecurity attacks, from proper investment in personnel to more advanced network protection. The most important tip is for school and district administrators to proactively, instead of reactively, insulate against cyber breaches and to understand that even if their school wasn’t affected, the ramifications of being unprepared are enough to motivate investment into well-researched solutions.

Cunningham, who works with organizations to help recover ransomed information, advises for investments into immutable ransomware-resistant back-up solutions, multi-factor authentication for all remote and administrative access, and endpoint detection response software to create more oversight over potential or real-time attacks. Even just these basic investments will go a long way, he said.

“We’ve had eight school districts that have gotten attacked by ransomware that we have been part of helping to recover, and we can say in all eight of those school districts, the basic measures that I just listed off are not in place. And these are considered to be the starter measures, the basics that need to be in place,” Cunningham said.

According to Huda, the five main strategies that educational organizations can use in order to prevent data breaches are…

  • Making sure there is an incident response plan
  • Multi-factor authentication for all users
  • Segmenting their networks
  • Making sure backups are offline
  • Instituting control testing in order to ensure all solutions are in place and working effectively

The time to make these investments is now, Huda explained. His own organization conducted a Small and Medium-Sized Businesses Vulnerability Report during Q1 2022, which included schools in the U.S. and Canada, and found that if organizations don’t make necessary changes, they’ll continue to be at risk from sophisticated hackers.

“75% said they would only survive a ransomware attack three to seven days. 55% either don’t have an incident response plan or it’s outdated, stale, and they haven’t tested it in about a year, which is not effective,” Huda said.

Follow us on social media for the latest updates in B2B!

Image

Latest

waymaker
The Waymaker Approach: Leading with Purpose, Authenticity, and Curiosity
October 4, 2024

Today’s education leaders are under immense pressure, juggling administrative duties while trying to stay connected to their students, staff, and communities. Many are searching for ways to lead with greater authenticity and purpose. With teacher burnout and turnover reaching critical levels, there’s an increasing need for leadership that prioritizes human connection and values-driven action….

Read More
education sector
Education Sector Needs to Focus on Tailoring Solutions to Meet Student and Teacher Needs
October 4, 2024

The education sector is facing unprecedented challenges, with the pandemic further exposing long-standing issues like teacher burnout, mass exits from the profession, and the quest to find the right teaching tools. A recent National Education Association (NEA) survey found that 55% of educators are considering leaving the profession earlier than planned due to pandemic-related…

Read More
Ellendale AI
September 2024 Update on Applied Digital’s Cutting-Edge Ellendale AI Data Center
October 3, 2024

In the September update, we get an exciting sneak peek at the progress of the utility substation and three levels of Applied Digital’s Ellendale AI Data Center in North Dakota. This cutting-edge facility, spanning 363,000 square feet and built to handle a 100MW IT load, is designed to meet the intense demands of AI…

Read More
Community and belonging
Community and Belonging in the DisruptED World of Education
October 2, 2024

Creating a sense of community and belonging in education has never been more important, especially with online learning and AI-driven platforms reshaping the ways students engage with educational content. Research shows that a sense of purpose and belonging can significantly impact student success, improving both academic outcomes and overall well-being. With institutions navigating post-pandemic…

Read More