Key points:
School is over, but for administrators there is no final bell. Ransomware attacks in education are doubling year after year And the arrival of summer vacations doesn't mean that fewer attacks are expected. Recent history shows that hackers actually increase their activity during vacations and long weekends.
The good news is that summer skeleton crews can fight back, slowly but surely, by focusing their limited resources on mapping ecosystems, patching devices, and enforcing strict password practices.
When classrooms empty, cyber threats multiply
Check Point Research It supports the theory that while we're out enjoying the sunshine, hackers are heading to work. They know that most employees are on vacation, security teams are short-staffed, and schools are “Data-rich, resource-poor.”
They are also aware that most schools are still catching up with the rapid digitalization imposed by remote learning and COVID-19 lockdowns. A clear example occurred in 2022 when the Los Angeles Unified School District, the second-largest school system in the country, He was the victim of a ransomware attack over Labor Day weekendThe breach resulted in a significant data leak, compromising sensitive student information.
Unfortunately, things haven't improved much since this massive leak. A report from last year by Emsisoft A study revealed a surge in cyberattacks on primary and secondary schools, with cases doubling from 45 in 2022 to 108 in 2023. This escalation is no coincidence. Cybercriminals target schools because they host saleable information on relatively outdated systems with weaker defenses. For malicious actors, summer vacation represents a golden opportunity to exploit network backdoors and potentially remain undetected for weeks, maximizing the impact and profitability of the attack.
Education must therefore take the target off your hands. This involves a two-pronged approach: strengthening security measures and making attacks less profitable. Summer presents an ideal opportunity to put these two crucial improvements into action.
Three steps to strengthen school cybersecurity
As for the first point (strengthening security measures), IT can make a big difference in school cybersecurity today and tomorrow by focusing on three elements during the holidays.
First, start with a complete inventory of all devices connected to the network. A unified endpoint management platform, for example, can reveal the extent of the ecosystem. Here's what x=6FiXIQ” target=”_blank” rel=”noreferrer noopener”>Barnaby School District of Canada It did this across its 41 elementary schools and 8 high schools, and discovered over 2,000 additional endpoints than previously thought. In effect, this represents 2,000 potential entry points into the network. Knowing what is connected is the first step to protecting what is connected.
Next, make sure each endpoint is updated with the latest software. About half (45 percent) of the software vulnerabilities reported last year remain unpatched, which is a major concern considering that such exploitable vulnerabilities are responsible for almost two thirds of all data breaches. Good patch management Start by establishing a strategy for implementation, such as setting up alerts and leveraging unified consoles, and working toward regular device audits, patch testing, and rollback plans.
Finally, access needs to be taken seriously. Complex passwords backed by multi-factor authentication are the gold standard for a reason. If hackers crack a device’s password, asking for an additional phone code or fingerprint scan puts another obstacle in their path. Before something like zero-trust network architecture is enforced in education, as in the military (and here’s hoping), administrators can effectively thwart hackers without spending a fortune by implementing stricter access controls.
A summer test Education cannot afford to fail
Schools cannot meet this challenge alone. We need policymakers and school districts to step up, not just during the summer, but all year long. Your support is vital to funding additional resources and addressing the second point: making attacks less financially profitable.
One area that demands top-down leadership is the issue of ransom payments. The education sector faces the highest rates of ransomware attacks across all industries, with About half (47 percent) of schools affected around the world paying to recover stolen data. While banning ransom payments could help deter these criminals, I recognize that this is a complex problem with no easy solutions..
It is encouraging that cybersecurity coordination is moving forward at the national level. This March The Government Coordinating Council for the Educational Facilities Subsector was formed. This collaborative effort brings together federal, state, and local governments to provide schools with essential guidance and resources to strengthen their cyber resilience. By leveraging the expertise of the Department of Education and the Cybersecurity and Infrastructure Security Agency, schools can make significant strides in protecting data and safeguarding staff and students.
As we enjoy the summer, let’s not forget the cybersecurity challenges facing our schools. By focusing on device inventory, software updates, and access control, security teams can go a long way toward thwarting potential attacks and laying the groundwork for the new school year.
The summer months may be a respite for students, but they are the ultimate test for school cybersecurity—and one we can’t afford to fail.
!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=();t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)(0);
s.parentNode.insertBefore(t,s)}(window, document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘6079750752134785’);
fbq(‘track’, ‘PageView’);
