An increasing consequence of the COVID crisis has been the rash of ransomware attacks being unleashed upon various organizations. Whether enterprise-level or SMB, government or private, no business is immune from being targeted, as hackers take advantage of the confusion caused by the crisis. Take a moment to learn how to utilize cybersecurity techniques to protect your school district from ransomware attacks.
Previously, we discussed the threat South Dakota rural hospitals and other medical institutions faced from ransomware attacks. These threats are representative of the increased targeting that medical institutions are facing. In fact, The HIPAA Journal is tracking data breaches to cost the healthcare industry $4 billion in 2020, with next year shaping up to be worse.
Using healthcare as a model for what makes for a good ‘soft’ target, hackers have expanded what they consider to be fair game. They have now increased their attention to another institution under stress due to the coronavirus: schools.
In a recent report by the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2019 Year in Review, public K-12 education agencies experienced a total of 348 cybersecurity incidents during the year 2019, almost three times as many incidents as were publicly disclosed during 2018. Note, this was before the coronavirus hit.
Spurred on by the pandemic, we can expect the volume of cyberattacks to increase in 2020 once the numbers are in, and keep growing.
Ironically, the very thing that has allowed school districts to provide remote learning to their students has caused their schools to be targeted by hackers; the use and reliance on technology.
As remote learning tracks to become a permanent fixture in some communities, many school districts are finding that they are not only woefully underprepared for remote learning, hackers know it... and are taking advantage of it.
Even before the pandemic, school districts from around the country had been victims of ransomware attacks designed to lock them out of their systems. Despite this, schools were still able to provide education even if they were locked out or opted not to pay the ransom. This is because they could rely on their institutional knowledge and access traditional learning materials, i.e., books and in-person learning. While certainly inconvenient, they retained the ability to educate their students.
Now, due to the coronavirus and the social distancing requirements it imposes, most school districts rely on hybrid or remote learning; making them singularly dependent on their technology to provide education to their students. Unfortunately, this means if a school district is under a ransomware attack and gets locked out of its systems, teachers can’t teach. Even using traditional methods, such as in-person classes, is impossible due to social distancing regulations.
The simple answer is that most schools don’t have a coordinated cybersecurity plan in place. While school districts are focused on providing effective remote learning, they are often doing it at the expense of developing a robust security defense in exchange for convenience.
In fact, before the current crisis, many school districts were using under-developed cybersecurity protocols, and in doing so, unwittingly exposing their systems and data to attack. The difference between then and now is the number of schools relying on technology to provide instruction. This reliance allows cybercriminals to strike.
Moreover, many school districts felt that they had nothing of value a hacker would want and saw little reason to commit the resources needed to buttress their cybersecurity. This mistake was due to not understanding what today’s hacker is interested in. While their students may not have credit card information to steal, it’s control of the school’s data itself that motivates today’s attacks.
What makes the data is so valuable is that, if the schools lose access to it or even to the computers themselves, they may be unable to provide remote learning to their students. This translates to not being able to provide instruction at all, placing students even further at risk of falling behind. Previously when we asked if your school was remote ready, we focused on the logistics of remote learning. In today’s environment being remote ready must encompass being able to defend against ransomware attacks.
As you can imagine, such an outage can be devastating to students who are already struggling to meet their learning challenges, and so will the pressure to settle and pay the ransom. With the pressure to continue to provide instruction essential to student success, a cyberattacker who can disrupt the flow of information will wield considerable leverage. Fortunately, with planning, a school district can fight back and regain control of their data.
It is fair to say that the lack of a viable backup places your school at the mercy of the hackers, a group of criminals not known for their generosity or compassion. To go one step further, without a backup a school district may have to choose between paying the ransom (and hope the data is released) or refuse to pay and attempt to rebuild their data using whatever bits and pieces they have managed to cobble together. Neither option is great and will require considerable time and financial resources when little can be spared during the pandemic.
A BDR (backup and recovery solution) gives your school district the peace of mind and confidence to resist a ransomware attack. When considering a backup and recovery plan, your school district should ensure it has at least the following benefits:
Ransomware attacks against school districts have been increasing in frequency and magnitude throughout the nation; however, schools are not the only industry under attack. As the pandemic lingers on, a growing number of industries, including manufacturers, hospitals and more are staggering under the stress. Never one to let an opportunity pass by, hackers are focusing their attention on those industries that can’t afford to lose access to their data, regardless of their size. Don’t think because you’re a smaller business, you won’t be targeted, because even if you don’t hear about small business breaches, they happen.
When the pandemic first struck, many school districts had to develop an operating plan on the fly to provide instruction to their students. However, as we have seen, a lack of long-term cybersecurity planning has created opportunities for bad actors to compromise your data, putting at risk the objective you’ve been striving to accomplish, the education of your students. KT Connections can provide you with personalized cybersecurity solutions designed to not only protect your sensitive data from a ransomware attack, but help your team be more productive.
Call 888-891-4201 today to schedule an appointment and take the first step towards ensuring your students will be able to receive the support they deserve.