Now considered a "national security risk," ransomware continues to dominate the news, its impact felt across virtually all industries, from healthcare to utilities, government, telecommunications, education, and beyond. And it’s showing no signs of slowing down.
In fact, ransomware attacks in the education sector are on the rise. Between 2019 and 2020, there was a 19% increase in ransomware and other cyberattacks targeting K-12 schools. Between 2021 and 2022, 56% of K-12 education organizations were hit by ransomware, a nearly 25% increase from the previous year.
Ransomware is a type of malware (or malicious software) that infiltrates a victim’s device or network and encrypts their data, rendering it inaccessible. The hacker then holds the data ransom, demanding payment from the victim in exchange for restoring the encrypted data.
However, even paying the ransom does not guarantee that your data will be restored in its entirety. According to the 2022 State of Ransomware Report from Sophos, “While paying the ransom almost always gets you some data back, the percentage of data restored after paying has dropped. On average, organizations that paid got back only 61% of their data," leaving almost 40% of their data inaccessible.
The annual survey confirmed that the education sector, along with retail, reported the highest percentage of organizations hit by ransomware last year. And even more concerning, education ranked in the lower third of sectors able to stop their data from being encrypted in the event of an attack.
There are several reasons ransomware attacks are targeting schools, including…
In addition to disrupting student learning, ransomware threatens a school or districts’ data security and student privacy and can incur a heavy price tag, whether in the form of ransom demanded or the cost to recover encrypted data.
To bolster your district’s defenses against ransomware and other cyberattacks, we recommend establishing a multi-layered approach to cybersecurity. In a multi-layered approach, each component of your cybersecurity plan has a backup to counter any flaws or gaps, working together to build a solid foundation for your cybersecurity program.
Here are some of the fundamental security layers for K-12 schools:
But beware: having a secure backup of your data is no longer enough to thwart the ransom demands of cybercriminals. Keen to this tactic, hackers are now exfiltrating their victims’ data and if the victim does not agree to pay the ransom, the hackers release the sensitive files and may even alert the media that the hack occurred.
A real-world example of this in K-12 education is the Clark County School District in Las Vegas. As reported by the Wall Street Journal, “a hacker published documents containing Social Security numbers, student grades and other private information after officials refused a ransom demanded in return for unlocking district computer servers.”
This means that even if an organization can recover their systems and data quickly following a ransomware attack, they may still end paying the ransom to protect their reputation and limit the exposure of sensitive information.
The bottom line? The threat of ransomware is real, and no single tool is foolproof, which is why we recommend that schools implement multiple cybersecurity layers to identify threats, protect their networks, and safeguard student privacy in the fight against ransomware
Your cybersecurity toolkit should also be reviewed regularly. Because the cyber threat landscape is evolving so quickly, if your district is relying on the same tools you were using even just a few years ago, there are likely gaps in your security that cybercriminals are eager to uncover and exploit.
And new threats are constantly forming. These are known as "zero-day” threats."
A zero-day threat is a threat that exploits an unknown computer security vulnerability. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a developer’s awareness of the exploit or bug. This means that there is no known security fix because developers are oblivious to the vulnerability or threat.
Zero-day threats haven’t been seen before and because of this, they can evade traditional solutions that use the signatures of known malware to detect threats. And that means relying on traditional cybersecurity tools such as antivirus software is not enough.
While signature-based detection tools are an important first layer to protect your users and network from known threats, your cybersecurity plan should also account for the new and increasingly sophisticated threats that are emerging every day.
Most of the commonly deployed cybersecurity tools focus on keeping cybercriminals out. But what if a hacker exploits a vulnerability and sneaks past your school’s defenses? Would you be able to detect the breach? And how would you respond to the threat? These are critical considerations as schools work to avoid both the cost and the disruption associated with a cyberattack.
In response to these questions, organizations—particularly those without a large internal IT department—are increasingly turning to managed security solutions that offer advanced capabilities to defend against emerging threats while also shifting the responsibility of detection and response away from their organization.
Known as managed threat detection (MTR) or managed detection and response (MDR), these advanced security solutions actively monitor, hunt, and respond to threats in real time. But MTR and MDR are not simply automated processes; rather, they integrate machine learning with a highly trained human element in the form of a 24/7 threat response team or Security Operations Center (SOC).
For organizations, these managed services provide the peace of mind of knowing that cybersecurity experts are monitoring your network at all times, including the weekends, holidays, and overnight hours in which your IT staff isn’t available—all of which are prime times for cyberattacks. They are also able to analyze activity on your network based on the context of your unique environment.
For example, if a user logs in during off-hours or is accessing files he or she doesn’t usually interact with, the team analyzes that activity to determine if a breach has occurred. If a threat is identified, the affected device or endpoint can be isolated from the network, preventing widespread damage and data loss.
Too many stories have hit the news describing the gut-wrenching feeling of a school’s staff or administration turning on their computers in the morning, only to discover that their data is encrypted or their systems inaccessible. And with limited resources both in funding and staffing, the fight against ransomware and other attacks can feel hopeless.
But your district doesn’t have to be the next target. School districts can shift the tide by continuing to build their cybersecurity defenses:
As long as the education sector remains a lucrative opportunity for cybercriminals, schools will continue to be a target. By building up your layers of protection now, you can position your district to be in the best possible position to respond to the evolving threat landscape.
Is your school district prepared to detect and respond to a breach? Whether you need help building your cybersecurity layers or are looking for a trusted partner to manage your cybersecurity program for you, the team at Prosource is here to help you fortify your defenses, secure your district’s network, and safeguard student data and privacy.
We protect and power more than 200 school districts with IT and cybersecurity solutions built for the needs and budget considerations of K-12 schools. Contact us to discuss your needs and how your school can take a proactive approach to cybersecurity.