Key points:

• Some of the most school budget-friendly security tools aren’t a match for ransomware
• The bottom line: Schools need more funding to adequately thwart ransomware attacks
• See related article: Preparing for ransomware attacks begins with education

In early January, the Des Moines Public Schools, the largest school district in the state of Iowa, fell victim to a ransomware attack that forced the district to take its network offline and students to miss more instructional time.

In addition to the disruption to operations, the district discovered that the attackers compromised the personal data of nearly 7,000 individuals, putting them at increased risk of identity theft and other crimes.

This is just one attack among hundreds as ransomware gangs relentlessly target the education sector. Disruptive ransomware attacks against the education sector have become so commonplace that they are likely to cause more school closures than weather-related incidents.

In fact, the number of attacks against schools is so high that the month of June was on pace to go down in the record books for the highest volume of disclosed attacks against education organizations to date.

A problem with few solutions

The Cybersecurity and Infrastructure Security Agency (CISA), which oversees protecting government agencies and our nation’s critical infrastructure, recently issued an alert about the growing risk to the education sector from ransomware attacks.

Key points:

• There are simple and proven tactics to help schools avoid common cyberattacks
• Remaining vigilant and knowledgeable helps educators form safe habits to dodge cybercriminals
• See related article: Defending against the most common cyberattacks

It’s not a topic we’re unfamiliar with: Criminal hackers are increasing their activity and they’re targeting K–12 schools, threatening districts with damaging financial and learning-downtime costs. The K12 Security Information Exchange (K12 SIX) tracks publicly disclosed school cyber incidents and reports an average rate of more than one K–12 cyber incident per school day across U.S. public schools.

With increased cyberattacks, the idea of a potential threat to a school or district feels daunting to ward against, but, more often than not, these simple tactics outlined below can support educators thwart some of the most common attacks.

Know the formats

Before we can discuss tactics to avoid the traps of cyber-criminals, we first must address the forms these attacks can take. Primary types of incidents range from student-data breaches, denial-of-service (DoS) attacks, business email compromise scams, and online class and school meeting invasions. Fortunately, two of the most common attacks reported—phishing and ransomware incidents—can in many cases be easily prevented by attentive users.

In phishing attacks, the hacker tries to trick you into clicking on a link or attachment in an email or text that appears legitimate but is actually malicious. The goal is to extract or deceive you into disclosing private information. Ransomware, on the other hand, is a form of malware that infects your system, locks access to your data or computer, and demands that you pay a ransom to unlock it. While the costs of these incidents can be devastating, being aware of the shape they can take will support you whenever you’re working online.

Key points:

• Cybersecurity is a risk to anyone with a device–no matter their age
• Children are uniquely vulnerable, and strategies like password managers and open communication can help shore up strong cybersecurity practices
• See related article: Preparing for ransomware attacks begins with education

We are living at a time when many of the most advanced, profitable, technologically-sophisticated companies in the world are barely treading water when it comes to cybersecurity. With that being the case, what chance do our children have of staving off these threats?

More than half of U.S. children now possess their own smartphone by the age of 11. And long before they have a device of their own, they’re using their parents’—to play games, to watch movies, to do their homework. That’s not to mention the panoply of devices they interact with at school, at friends’ homes, at after-school activities — on and on and on.

Each one of these devices represents the risk that a child will surrender vulnerable information, accidentally install malware, or worse. Today’s cybercriminals are relentless, operating at unprecedented scale and seeking advantage wherever they can find it. Children—the most vulnerable among us—are an irresistible target to these bad actors. It’s no surprise, then, that one in four young people will experience identity theft or fraud before they reach the age of 18.

This isn’t necessarily a reason to panic. The benefits of our connected world far outweigh the risks presented by cybercriminals. It is, though, a reason to really talk to your child about the reality of scams online—to teach them what to look out for and present them with a realistic sense of what the risks are. Because fundamentally, proper cybersecurity— like charity — should begin at home.

Key points:

• An ISTELive 23 session spotlights what district IT leaders are doing to ensure anytime, anywhere access and connectivity for all students
• Having the support of the superintendent is critical to any district trying to achieve a digital transformation
• See related article: High-speed internet is a basic necessity–not a luxury–when it comes to learning

Having reliable, high-speed internet access isn’t a privilege—it’s an absolute essential right for students if they are to have access to the digital learning resources and tools that will help them build skills for future success.

At ISTELive 23, Dr. Kiesha King, senior education administrator for T-Mobile and a former educator, sat down with educators in districts partnering with T-Mobile to examine how 5G connectivity is working in schools and districts across the nation.

“We’re not talking about doing something that’s optional for kids. We’re talking about changing the landscape of how they do education, changing the impacts of the future workforce, changing the way kids interact with their learning environment,” King said.

When we talk about student connectivity it has to be within the framework of how it’s going to drive overall student success, how can we align that with our district’s strategic plan and our instructional model, and grow that from there. What have you done with T-Mobile from an innovation perspective and where is it going in the future?

“I always say we live in the age of the connected students. Students who come to Morehouse College are already connected to 5 devices” including their TVs streaming, game systems, laptops, desktops, tablets, Apple watches, and cell phones, said Dr. Muhsinah Morris, Metaversity director and professor at Morehouse College. “They’re already really connected in every way to some network.”

Key points:

• Schools are using more edtech than ever–but they’re also more vulnerable to cyberattacks
• Account monitoring, strong passwords, and strict access controls are just a few of the strategies schools can use to protect their networks
• See related article: 4 key ways schools can strengthen and advance cybersecurity strategies

K-12 schools are facing an increased risk of cyberattacks due to a combination of competing factors. School districts have sprawling networks where availability often takes precedence over security, but are constrained in managing those networks by limited resources and overstretched IT teams.

Meanwhile, the increased use of cloud-based email and remote learning technologies, along with inadequately managed virtual private networks (VPNs), have made schools an attractive target for the types of basic attacks that larger organizations are better prepared to defend against.

A recent Government Accountability Office (GAO) report on K-12 cybersecurity found that attacks have been on the rise since the COVID-19 pandemic forced schools to adopt more remote learning. It also discovered that the damage from those attacks is growing. In total, the GAO found that the range of impacts from cybersecurity attacks includes:

• Loss of instructional time for students, ranging from a couple days to over three weeks.
• Slow recovery time that often took between two and nine months.
• Large financial impact, ranging from $50,000 to over $1 million, with costs including replacement of computer hardware and enhancing cybersecurity to prevent future attacks.

That combination of contributing factors may put schools at a disadvantage against malicious actors, but there are several steps schools can take to help them deter the most common attack vectors.

Key points:

• Ransomware attacks can be devastating to a school or district, with costly ransoms and leaked sensitive information
• The most effective security is layered; humans are only part of the equation

The biggest threat to K-12 schools’ cybersecurity is, ironically, education. It’s an expensive deficit. But there are funds and tools to help.

Ransomware – where hackers encrypt and lock victims’ data and try to sell the decryption key back to the victim for a ransom – delays education and hurts already-stretched budgets: A GAO report says a ransomware attack can cause K-12 students learning loss up to three weeks and cost from $50,000 to $1 million in expenses.

Or worse. In November 2020, a ransomware attack hit the Clark County School District in Nevada, the fifth-largest school district in the U.S. More than 320,000 students were blocked from accessing assignments and other educational materials. It cost the district more than $4 million to recover from the attack.

Even when schools don’t pay the ransom, as in the Los Angeles Unified School District case in 2022, there are costs. In the LAUSD, some of its platforms were knocked offline and sensitive personal information was released. More recently, the Minneapolis Public School District was attacked by ransomware criminals in March of 2023. District data was held hostage for $1 million. When the district did not pay, the criminals released highly sensitive personnel data.

Key points:

• With cyberattacks on the rise across schools, IBM Education Security Grants have already benefited more than 350,000 students globally
• Now in its third year, grants are expanding to offer students and teachers access to cyber and AI skills through IBM SkillsBuild

In response to the growing threat of ransomware attacks against schools around the world, IBM will provide in-kind grants valued at $5 million to help address cybersecurity resiliency in schools.

Since its creation in 2021, the IBM Education Security Grants program has expanded globally, and this year will also include enhanced offerings from IBM SkillsBuild on topics including AI and cybersecurity. 

Ransomware is unfolding faster than ever, with attackers managing to cut down the time required to deploy ransomware attacks from over two months to just under four days between 2019 and 2021, according to IBM’s X-Force Threat Intelligence Index 2023. In fact, the share of cybersecurity incidents observed in the education sector more than doubled in 2022 compared to the year prior, experiencing the largest increase year over year than any other industry.

“Time and time again attackers go after the education sector, yet many of these institutions remain constrained in their security resources,” said Andy Piazza, Global Head of Threat Intelligence, IBM Security X-Force.  “To date this program has helped more than 350,000 students across schools in the US and abroad, with IBM Service Corps helping them recover from ransomware attacks, strengthen their security posture against future attacks, and prevent further disruption.”

Key points:

• School districts need bigger cybersecurity budgets and support mechanisms
• Cybersecurity threats are not going away, and knowledge is a large factor in protecting networks
• See related article: 4 steps to avoid a ransomware attack

Now more than ever, safeguarding students and staff from targeted cyberattacks is critical to the health of our U.S. education system. Local K-12 schools are a top target for cybercrime. Estimates from the nonprofit organization K12 Security Information Exchange reveal more than 1,300 publicly disclosed cyberattacks against U.S. schools since 2016.

The size and scope of these threats amplified during COVID-era hybrid learning, when schools were forced to rapidly adopt cloud-based collaboration technologies at scale. But even though students have returned to the classroom post-pandemic, just like every other industry, the K-12 threat landscape isn’t slowing down.

It’s understandable why school networks are an opportunistic target. They hold the keys to large quantities of valuable intellectual property and sensitive PII, financial, and healthcare data that can be exploited for ransomware and monetary gain. And with myriad vulnerable access points, limited IT resources, and a continually rotating student body, maintaining a strong security posture is often riddled with complexity. According to reports cited in CISA’s first-ever K-12 security report, nearly 30 percent of K-12 school district members have reported being victims of the following cyber incidents:

1. Data breaches exploiting the personally identifiable information of students, teachers, and school community members
2. Ransomware attacks
3. Business email compromise (BEC) and phishing attacks
4. Denial of service (DDoS) attacks
5. Website and social media defacement
6. Online class and school meeting invasions

Key points:

• More students and educators are connecting personal devices to school networks
• This makes network security–an already underfunded area–even more critical

The pandemic was a massive shift for school districts across the country, and even as we move out of it, we’re still feeling the impact. On the technical side, it prompted quick transformation to enable virtual schooling–and these changes were made as districts were already challenged by legacy technology, reduced budgets and understaffing. Existing problems were exacerbated.

In parallel, we’ve seen a rise in ransomware and other cyberattacks in the education sector. What’s needed is a digital transformation strategy that also prioritizes security.

A challenging landscape

There’s nothing mysterious or shocking about the rise in cyberattacks against the education sector. Today’s 21-century education requires up-to-date technology, but that’s a bigger risk for school IT teams. For instance, educational institutions are witnessing growth in the number of students, professors, and administrators who link personal devices to the network. A school district’s attack surface is expanded by this increased connection, making it more vulnerable to new threats.

And most schools are not equipped to deal with these threats; the Nationwide Cybersecurity Review (NCSR) risk-based assessment rates the cyber maturity score of K-12 schools at 3.55 out of 7. In fact, according to 29 percent of those responding to the K-12 Report, a cyber incident occurred in their district last year. Malware and ransomware were two of the most prevalent occurrences. According to the report, ransomware attacks pose the greatest cybersecurity risk to K-12 schools and districts in terms of overall cost and downtime.

Last September, the Los Angeles Unified School District was hit by a ransomware attack at the start of the new school year. The second-largest educational district in the country, with more than 600,000 students and 25,000 employees, had its email taken offline and other internal systems affected by the cyberattack. When the district chose not to pay the ransom, sensitive employee data was posted online. While this attack may seem extraordinary because of its size and scope, digital security breaches like this are happening at educational institutions across the country. And school districts need to take defensive action against cyberattacks now before it’s too late.

With school districts across the U.S. being targeted by cyberattacks, the need for robust, cost-effective cybersecurity support is not just important–it’s now considered essential. But many local governments and educational institutions remain unprepared for this type of active threat. A recent report by the Cybersecurity and Infrastructure Security Agency on the K-12 school cybersecurity landscape found that close to 50 percent of the school districts in the country have neither the staff nor the budget to adequately protect their IT infrastructure.  

As schools look for solutions to bridge this security gap, one easy and cost-effective method they should consider is the adoption of mobile device management (MDM) platforms. A small number of schools are currently using this solution to their advantage. This includes public schools like the Interboro School District in Prospect Park, PA, which employs MDM to manage a fleet of iPads used to supplement classroom instruction. Interboro uses MDM to ensure the tablets are secure and functioning properly, the students using them are staying safe online, and the costs associated with maintaining the devices are minimized.

IT departments at K-12 schools in the U.S. should follow Interboro’s example. By using MDM platforms, they can keep their technology costs low in a time of economic uncertainty and increase the impact of their existing IT staff by freeing them up to be more proactive in protecting against cyberattacks.

As school districts emerge from the worst of COVID-19, they’re bringing with them new priorities. Many of the changes that districts have made during the pandemic, such as giving employees the flexibility to work remotely, will be carried forward. Other processes are being reevaluated to serve the needs of students and other stakeholders more effectively.

In looking to update everything from teaching and learning processes to school district operations, one of the most basic steps that K-12 leaders can take to position their schools for success is updating their education resource planning (ERP) solution by moving to a cloud-based system.

We can’t really talk about modernizing and streamlining district operations without discussing ERPs. An ERP is the backbone of a district’s operations, helping administrators manage essential financial functions related to payroll, HR, accounting, and more.

Scalability, affordability, and reliability—hallmarks of cloud-based software—make it an ideal solution for any district that is ready to modernize its ERP solution. Migration can come with some up-front costs, but districts will save in the long run thanks to the lower total cost of ownership of cloud solutions.

Just a few years ago, ransomware probably didn’t rank very high on a list of things parents regularly talked about. But the odds are getting higher that if you ask a parent about it now, they’ll have plenty to say.

Fourteen percent of parents of school-age children in the U.S. responded to a recent survey saying that they had experienced a ransomware attack on their kids’ school. That number was just 9 percent a year ago. The rate of attacks appears to be growing, with a higher percentage of parents saying it happened last summer or this school year, compared to those who experienced it the year before.

Criminals attacked school districts in Tucson, Arizona, and Nantucket, Massachusetts, in late January, cancelling classes for one district and sending administrators to work from home at the other. The attacks marked the fourth and fifth publicly-disclosed incidents in January alone, although survey data indicates that schools may be getting targeted at a higher rate than that, and some incidents may simply not be getting disclosed.

A growing number of victimized schools end up paying a ransom to remedy the situation, and those payments look to be getting much higher. But before diving into those numbers, let’s consider some of the unseen damage of these attacks.

Educational institutions have an urgent reason to put data security and backup at the top of their agenda: the rising threat of ransomware. Security firm BlackFog reports that the education sector is now the top target for ransomware attacks, surpassing government and healthcare.

In one recent case, the Los Angeles Unified School District, which has more than 540,000 students and 70,000 employees, suffered a ransomware attack that blocked email, computer systems, and applications. Following the attack, Vice Society, a Russian-speaking group that claimed responsibility for the breach, released a 500GB cache of data that appeared to contain personal information, including passport details, Social Security numbers, and tax forms, according to reports.

A successful cyberattack on a school can have far-reaching and devastating consequences. Not only does it come with a high financial cost, but it also disrupts the core function of education by making resources inaccessible, potentially leading to a loss of sensitive information such as HR and MIS data. Furthermore, it diverts valuable time and resources away from the primary goal of educating students.

As bad as the threat is, it could get worse—the increase in remote learning after the pandemic has expanded the attack surface. Before the pandemic, e-learning was not so widespread. However, with many more people now accessing educational networks from remote locations, cybercriminals can exploit many more entry points, putting added pressure on schools. With the rise of hybrid education models, in which students attend in-person and online classes, the risk of cyberattacks increases, highlighting the need for comprehensive security measures to safeguard educational institutions and their students.

Cyberattacks against K-12 schools continue to climb in both number and scale. Such attacks can have serious repercussions; according to a recent report from the Government Accountability Office, “officials from state and local entities reported that the loss of learning following a cyberattack ranged from three days to three weeks, and recovery time ranged from two to nine months.”

These attacks aren’t just being carried out by disgruntled students or “lone wolf” types. Increasingly, schools are becoming targets of organized cybercrime organizations. The FBI, CISA and the MS-ISAC issued warnings at the start of this school year, anticipating attacks may increase as criminal ransomware groups perceive opportunities for successful attack.

The rise of Ransomware-as-a-Service

Many of the recent prominent attacks against schools have been perpetrated by organized crime – and they’re often using what’s known as Ransomware-as-a-Service (RaaS). This is a subscription-based model that allows partners (affiliates) to use ransomware tools that someone else has already developed. The affiliates earn a percentage of the profits if the attack is successful, so there’s plenty of incentive. RaaS makes it easier to pull off more attacks more quickly, which has made it very popular.

Recent research found that ransomware threats remained at peak levels in the latter half of 2022 – with new variants being enabled by RaaS. In 2022, 82 percent of financially motivated cybercrime involved the employment of ransomware or malicious scripts. And not only are bad actors continuing to introduce new strains of ransomware, but they’re also upgrading, modifying, and reusing old ones. The result: Attacks that are more complex and damaging. RaaS appears to be the driving force behind it all.

RaaS is an indicator of what’s to come

The dark web is starting to host an increasing number of additional attack vectors as a service, and this will significantly increase the availability of what’s known as

Cybercrime-as-a-Service (CaaS). It includes new criminal strategies, such as the sale of access to already-compromised targets, will develop in addition to the sale of ransomware and other malware-as-a-service offers.

By 2025, nearly half of cybersecurity leaders will change jobs, 25 percent for different roles entirely due to multiple work-related stressors, according to new predictions by Gartner, Inc. 

“Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, Director Analyst, Gartner. “CISOs are on the defense, with the only possible outcomes that they don’t get hacked or they do. The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.”

Given these dynamics as well as the massive market opportunities for cybersecurity professionals, talent churn poses a significant threat for security teams. Gartner research shows that compliance-centric cybersecurity programs, low executive support and subpar industry-level maturity are all indicators of an organization that does not view security risk management as critical to business success.

Organizations of this type are likely to experience higher attrition as talent leaves for roles where their impact is felt and valued.

“Burnout and voluntary attrition are outcomes of poor organizational culture,” said Gopal. “While eliminating stress is an unrealistic goal, people can manage incredibly challenging and stressful jobs in cultures where they’re supported.”

It is undeniable–the education sector is prone to cyberattacks from malicious cybercriminals due to the amount of personal data available across user devices and organization networks. Just this past fall, the FBI, CISA and MS-ISAC issued an alert on Vice Society, whose actors have been known to disproportionately target the education sector with ransomware attacks.

While cybersecurity is certainly a top concern among this sector, tight budgets and resources mean that it is often not addressed until a major incident occurs. Given the imminent nature of today’s threat landscape, now more than ever, the urgency surrounding how best to protect and mitigate such attacks is at an all-time high.

With 40 percent of education devices found to have sensitive data stored, educational institutions must be adequately prepared to proactively prevent and respond to potential cyberattacks before a system breach occurs.

Understanding Complex IT Environments

Despite schools primarily returning to the classrooms, the ramifications from rapid acceleration of remote learning brought about during the pandemic are still being felt today–some of which present new challenges across the industry. With limited resources, visibility and budget, IT and security teams have been forced to address obstacles remotely. On the IT front, this can make it difficult to locate, track, manage and more importantly, reclaim missing devices–regardless of platform–from a single, cloud-based console.

Emerging concerns over the inability to measure student device usage and verify online activity remains a persistent challenge. This, in tandem with failing security controls such as encryption, outdated anti-malware, and vulnerable OS versions, has created a plethora of vulnerabilities and increased risks for cyberattacks.

Boosting Endpoint Visibility

Education organizations were found to have endpoints that were connecting in from nearly three locations per day (2.89). This may not be surprising given the digital nature of most schools today; however, paired with the analysis on sensitive data, it’s evident that corporate endpoints are at an increased risk of compromise.

Related:
4 key ways schools can strengthen and advance cybersecurity strategies
Ransomware attacks show continued rise in K-12 schools

IT leadership is an essential component of school and district operations, and in today’s post-pandemic landscape, K-12 IT security is critical in combatting increasing cybersecurity attacks that can cripple even the largest districts in a matter of moments.

It’s important to establish the right K-12 IT practices and policies that support teaching and learning–and it’s even better to share those best practices in the event that other K-12 IT leaders are seeking to establish the same kind of policies.

Here is K-12 IT advice from a handful of IT leaders:

1. The alarming disparity between prioritization and preparedness is indicative of the cybersecurity challenges school districts are facing. As the Director of Technology at Maconaquah School Corporation located in north-central Indiana, I know firsthand that implementing a proactive cybersecurity posture is a difficult and time-consuming–yet necessary–process. School districts are prime targets for hackers; therefore, we must be prepared.

In our own school corporation, we have adopted four key practices that enable us to continuously strengthen and advance our cybersecurity mitigation and prevention strategies. One of those strategies includes continuously identifying and addressing vulnerabilities. As with training, school districts should never remain idle when it comes to evaluating and addressing their vulnerabilities. We have spent the last few years identifying and fixing gaps in our cybersecurity posture and defenses. Conducting regular audits and evaluations has put our district in a stronger position, but the work is never complete. To be diligent, we must proactively assess our cybersecurity weaknesses and defenses regularly. [Read more]
–Chris Percival, Director of Technology, Maconaquah School Corporation

2. There is no doubt that cybersecurity is essential for all organizations in our modern world. However, security cannot be valued more than usability. The sad fact is that the only entirely secure computer system is one that have been unplugged and shut off. Cyberattacks will continue, and it will be important to ensure that every organization has strong backup and recovery plans in place. However, end user usability is just as important as security.

IT leaders need to ensure that usability is still the primary consideration in building IT systems. IT systems are of little value if they are not able to be used effectively by end users. Considerations of what level of additional steps end users are willing to take is essential. This is particularly important as many organizations still have a high number of remote workers. Make sure the warnings provided to end users are significant as well. Too many warnings can numb end users into assuming the IT department is crying wolf and they may stop paying attention to warnings. [Read more]
–Steven M. Baule, Ed.D., Ph.D., Faculty Member, Winona State University

In a 2022 survey, 72 percent of the participating school administrators responded that cybersecurity was either a priority or high priority for their district leadership and local school boards. However, only 14 percent of the respondents said their district was very prepared for a cyberattack event.

This alarming disparity between prioritization and preparedness is indicative of the challenges school districts are facing pertaining to cybersecurity. As the Director of Technology at Maconaquah School Corporation located in north-central Indiana, I know firsthand that implementing a proactive cybersecurity posture is a difficult and time-consuming–yet necessary–process. School districts are prime targets for hackers; therefore, we must be prepared.

In our own school corporation, we have adopted four key practices that enable us to continuously strengthen and advance our cybersecurity mitigation and prevention strategies.

1. Get Creative With Your Budget

Like many school districts, our IT budget has not increased to address the growing number and variety of cyber threats; in fact, it has stayed the same for the past five years. That can make it challenging to add new defenses, but we have found ways to strengthen our posture through strategic and creative financial planning.

One shift we have made is leveraging hosted and/or managed services to fill staffing gaps and eliminate expensive and unpredictable capital expenses. For example, we previously had an on-prem firewall solution that was managed by a former staff member. When they left, I made the decision to switch to ENA by Zayo’s hosted firewall so that I did not have to spend the time and money hiring and training a new employee who would likely leave after six months for a higher paying job in the private sector.

To attain leadership buy-in for this new direction, I broke down the monthly costs of buying a new on-prem firewall solution and included estimated hiring, training, and repair fees over the lifecycle of the equipment. This enabled district leaders to see a side-by-side cost comparison of using a hosted, cloud-based firewall service versus an on-prem solution. Once they saw those numbers and realized the hosting service also included access to ENA’s team of security experts, they supported the decision to transition to cloud-hosted firewall.

Additionally, evaluating tech and app user usage is another way we are freeing up funds to support cybersecurity. With so much money being invested in educational software, it is critical to monitor if teachers and students are using our paid learning tools. We regularly survey teachers and review usage data to assess and adjust our licensing. This enables us to free up budget dollars and reinvest these funds in proactive cybersecurity tools like DDoS mitigation. We adopt the same approach with infrastructure and network solutions, seeking out bundling and other cost-savings opportunities to free up funds we can use to support our cybersecurity strategies.

Related:
How K-12 IT leaders can protect schools from ransomware
Simplified K-12 cybersecurity streamlines student data access

More parents report experiencing ransomware attacks on their children’s schools, according to new data from Kaspersky. This year, 14 percent of American parents experienced ransomware attacks on their children’s K-12 schools while their child was a student, an increase from 9 percent last year.

Among schools that paid a ransom to their attackers, parents reported an average ransom of $887,360. In 2021, the average was just $375,311. The Ransomware Attacks on K-12 Schools report revealed a number of other findings related to parents’ experiences with these incidents.

In October 2022, Kaspersky surveyed 2,000 parents of school-age children in the United States to find out about their experiences with ransomware attacks on schools. The results are compared to a previous report that posed the same questions to a similar group of parents in October 2021, as well as to an earlier report in June 2021 asking parents more generally about cyberattacks on schools.

According to the survey results, a growing number of schools are opting to pay a ransom to their attackers, in order to restore their systems. In October 2021, 71% of parents who had experienced an attack said their school paid a ransom. This time, that figure rose to 76%, although 14% said their school didn’t pay, which was about the same as last time, while a shrinking percentage didn’t know. Ten percent of parents reporting an attack said the district paid a ransom of more than $1 million; up from 3.7% in 2021.

The rate of attacks on schools may still be rising. Forty-four percent of parents who have experienced an attack said it happened either last summer (2022) or during this school year – which is only partway over – compared to 42% who said it happened last school year (2021-2022) or the previous summer (2021). Fifteen percent said it happened during the 2020-2021 school year or earlier.

Despite the alarming rise of ransomware incidents in 2022, many education institutions still fail to address gaps in their protection protocols. A Sophos survey found that 64 percent of higher education and 56 percent of lower education institutions were hit by ransomware over the past year.

These statistics should raise some red flags as the education sector continues to lag behind in cyber defense practices, making them one of the most vulnerable industries. If an educational institution is attacked, administrators often don’t have the resources to respond, due in no small part to staffing shortages.

Administrators and IT leaders across the education sector need to leverage modern innovations like AI and machine learning (ML) to ensure data protection for faculty, staff, students and the institution as a whole. Let’s take a closer look at why education is so vulnerable and how school administrators can implement preventative and restorative measures to curb long-term effects.

The walls of protection continue to crumble in education

From 2020 to 2021, ransomware attacks on educational institutions jumped by 44 percent. These institutions are already–and will increasingly become–a target for ransomware. It’s no longer about if; it’s when, and various districts are learning from unfortunate experiences.

For example, the L.A. United School District (LAUSD) suffered a ransomware attack in September 2022. While the more than 400,000 K-12 students could continue attending class, the attack crippled several critical infrastructure capabilities like staff and student email. The Cybersecurity and Infrastructure Security Agency (CISA) eventually uncovered that the hacking group Vice Society was responsible for the attack, but not until they had already leaked thousands of sensitive and confidential documents, representing a significant security threat for students, employees, alums and parents. While this is the second large-scale ransomware attack against LAUSD, it is still unclear if the school district has taken steps to bolster cybersecurity moving forward.