Cyberattacks on public schools are becoming more common and more severe every year. Between 2020 and 2021, more than 56 percent of K-12 education organizations suffered ransomware attacks with an average cost of $268,000.
Most recently, an attack on the LA Unified School District in September 2022 conducted by the Russian hacking group Vice Society shut down access to emails, computer systems, and applications for more than half a million users. Before that, a ransomware attack on the school system in Buffalo, NY cost the state more than $10 million in damages.
How can these K-12 school districts defend themselves from these ransomware attacks? And why are they being targeted so frequently?
Part of the reason attackers target school districts is simply size–K-12 public schools are a $760 billion sector serving more than 50 million students at more than 100,000 schools across the United States, making them an available and tempting target. The other part of the reason is that public school districts have unique security challenges. With limited budgets and the continued use of legacy security systems, school districts are often unprepared for incoming ransomware attacks.
Other factors that contribute to this lack of preparation include:
- Reduced Budgets & Lack of Hiring: School districts have limited IT and security resources due to constricted budgets. This lack of investment in security resources requires small teams to protect very large, complex environments. School districts also often can’t compete with salaries offered by the companies in the private sector, so hiring experienced professionals can be difficult for districts that don’t have large budgets.
- Open environments and ever-changing users. School districts must keep their environments relatively open so students and teachers can access the system resources, applications, tools, and research from any type of device. Corporations can enforce stricter access rules, which makes security easier.
- Overly complicated tools: With limited resources and teams, more complicated security tools and manual legwork make life especially difficult for school districts. They need usability and simplicity.
All of these issues mean that school districts must do more with the few resources they are given. To compensate for this, they need security technology that fills in these gaps. It must be good at catching ransomware while also reducing the workload on IT teams. Many security products are designed to be used by a team of experts, and would actually create more work for a school district IT team.
Risk assessments are awful, but necessary
Ransomware attackers head back to school
To work well in a school district use case, security technology should be capable of the following:
- Automatic Analysis: The system should be able to automate the collection, correlation and analyzing of infrastructure-wide data sources for indicators of compromise and reducing alerts. This reduces the workload of small, overburdened teams and allows them to be more efficient at their jobs.
- Real Time Threat Detection: Advanced real-time threat detection based on a large set of included and constantly updated threat models and content is critical and provides faster identification of a ransomware, because they know they’ll be targeted.
- Ability to Adapt: By using a security system that leverages machine learning technology, school districts can adapt to variants of attacks. Having the ability to detect and adapt to new attacks and variants by hacking groups targeting K-12 specifically ensures further security across school districts.
- Delivery of Context: Delivery of simple, direct, and accurate context for validating the attack and eliminating false positives. Security teams won’t have the time or expertise for manual investigation
- Generating Risk Scores: Generated risk-driven and scored responses with supported workflows and case management for prioritizing and accelerating remediation efforts. Speed is essential for protecting against ransomware.
There’s no doubt that school districts have become a large target for ransomware attacks in recent years because of their limited security infrastructure and the amount of data, systems, and information they hold. Technology can help keep them safe, but only if it doesn’t create too much extra work for teams that are already stretched thin.
To better defend against ransomware, K-12 school districts should look for security technology that’s capable of protecting their systems, reducing the workload of limited security teams, and continuously adapting to new and incoming threats.