The State Of Cyber Security In Schools
As a school district, you have a responsibility to protect student data from unauthorized access. But with increasingly sophisticated hackers targeting the education sector at an unprecedented rate, cyber security isn’t so simple. You need to know exactly what security threats you’re up against, where your district may be vulnerable, and how you can better manage cyber risk.
Fortunately, that’s why we’re here. To help you prepare for a potential attack, let’s review the state of cyber security in schools and what your district can do to protect sensitive data and personal information.
Checking in on school cyber security
The bad news is that the education sector has a long road ahead of itself when it comes to information technology and cyber security. In fact, if you take a closer look at the American school system, you’ll start to realize that major data loss incidents are happening left and right.
Take the case of South Redford School District in Michigan. When hackers breached the school network in late September, the district closed school for two days while it investigated the attack. Thankfully, the school’s security management team isolated the cyber threat before it could access student data.
The Los Angeles Unified School District (LAUSD) wasn’t so fortunate. Earlier that same month, Russian-speaking hackers — a group known as Vice Society — launched a ransomware attack that disrupted access to information technology, including email, computer systems and cloud applications. One month after LAUSD refused to pay the ransom demand, the hackers leaked over 500GB of sensitive data.
The LAUSD ransomware attack is widely considered the largest education breach in recent years, but it’s far from an isolated incident. In reality, it’s just one example of K-12 education’s increasingly complicated cyber security landscape. The top publicly disclosed security threats include:
- Ransomware: Ransomware attacks like the event described above involve cyber criminals accessing personal information and holding it hostage in exchange for payment. Globally, ransomware attacks are expected to cost $265 billion annually by 2031.
- Data breach: This umbrella term may include any type of cyber attack that involves a threat actor gaining unauthorized access to sensitive data.
- Data leak: Not every threat necessarily has a malicious hacker on the other end of it. Sometimes, whether intentionally or not, students and staff may disclose private information to the public (such as in an email or erroneously shared Google Doc).
- Phishing: Hackers often attempt to fool their targets into providing login credentials or personal information that could lead to more sensitive data. Scammers may send seemingly safe emails to school accounts or entice users to click a link in a text message or on a website under the guise of a name they recognize.
- Typosquatting: Another increasingly dangerous cyber threat impacting the education sector is typosquatting. Also called URL hijacking, this social engineering tactic relies on users making typos when typing in a URL or clicking on a link. They pose as legitimate school domains, but are actually malicious websites that collect personal information.
- DDoS: A Distributed-Denial-of-Service attack is when a threat actor makes a certain resource temporarily inaccessible, such as the school network.
- Third-party vendors: Information technology vendors, such as cloud service providers, normally have access to school data. If their own cyber security posture is weak, they may be breached or leak information private to the district.
According to the K-12 Security Information Exchange (K12 SIX), security threats like these have risen steadily since 2016. Averaged over the last six years, this equates to more than one incident per school day. K12 SIX claims that anecdotal evidence suggests there could be 10 to 20 times more events that go undisclosed every year.
Why are cyber attacks on the rise at school?
The truth is that hackers have been stepping their game up across the board. Industries of all shapes and sizes are experiencing a significant uptick in cyber security threats as more organizations migrate critical information to the cloud.
The problem? The education sector is far and away a hacker’s favorite target. According to Microsoft’s global threat activity database, schools have experienced nearly 7 million more malware encounters in the last 30 days than the next most affected industry, which has just under 900,000.
Simply put, student data is an enticing target for hackers looking to make a quick penny. A single school system is a treasure trove of sensitive data that could go for big bucks on the dark web. Also, it would be incredibly damaging for a district if that information were leaked on the internet for anyone to access.
According to Doug Levin, co-founder of K12 SIX, many people assume hackers have better ways to spend their time than targeting student data.
“This is among the biggest misconceptions held about school cyber incidents,” Levin told Education Week. “Schools manage more than enough money to capture the attention of cyber criminals, to say nothing of the value of the data they hold. While most cyber criminals couldn’t care less about students’ algebra grades, it turns out that the identity information of minors is especially valuable to criminals interested in perpetrating credit and tax fraud.”
What’s also important is that schools are considered critical infrastructure that need to remain operational. This makes them more likely to cough up a massive ransom payment to get systems back up and running quickly.
School cyber security challenges
Unfortunately, many school districts are unprepared to keep these daring cyber criminals at bay. There are many factors that limit their ability to manage cyber risk. Here some of the most important:
- Lack of staffing: Many schools lack the numbers to effectively monitor student data at scale. Even worse, some schools don’t have any cloud security whatsoever.
- Lack of budget: K-12 schools – especially those that are public — have tight budgets. IT departments often have a hard time communicating with school administrators the need for cyber security resources.
- Absence of policy: Cyber security in schools is highly variable district to district. In other words, there isn’t a single framework for educators to follow, which makes it difficult to implement best practices at scale.
Notably, the size of the district doesn’t necessarily mean protecting student data is any easier. According to Levin, larger school systems have more money, manage more users, and contain far more devices. All of these factors increase their vulnerability to security threats, as their already limited resources are stretched exceedingly thin.
How to improve cyber security in your district
Don’t worry: There’s plenty you can do to strengthen your school’s cyber security posture. Let’s take a look at some helpful strategies you can use to improve security management:
Choose a framework to focus your effort
As mentioned, there isn’t a single standard that school districts follow. Do your research and identify a framework that works best for your school. We recommend starting with the NIST’s framework for K-12 school districts.
Once you’ve decided on a set standard, start implementing it. Create a formal cyber security policy around that framework, including a threat response plan and set of protocols in case of a cyber attack.
Vet your third-party vendors
Review your list of cloud service providers. Two of the most common are Google Workspace and Microsoft 365. But don’t stop there — take a good hard look at your entire information technology stack. Assess each vendor’s security policy and see whether they have a history of data loss incidents.
Raise awareness for staff and students
They say knowing is half the battle, which is why cyber security education is so important. Teach students and staff best practices when handling personal information, including how to spot scams, malware, and other threats before it’s too late.
Automate monitoring and workflows
Your security team can only do so much at a time. That’s why automation is your best friend. Deploying security technologies that automate risk detection and other important workflows so that you can cover all your bases. That way, your team can operate with the confidence that sensitive data is always under wraps — even when they’re off the clock.
The advantages of data loss prevention
Data loss prevention (DLP) is the process of detecting and preventing data breaches and leaks in your school district. Therefore, cloud DLP is exactly that same process, except applied specifically to cloud applications like Google Workspace or Microsoft 365.
Cloud DLP uses preconfigured and customizable policies to automate threat detection. When a policy violation occurs, DLP solutions rapidly alert your designated point person with the most relevant information. With key details in hand, they can investigate the incident with speed and ease.
As an extension of your team, you can monitor your entire cloud domain no matter the size of your district. By keeping an eye over your cloud data at all times, cloud DLP tools like ManagedMethods help you cyber smarter, not harder. Not only does it simplify cyber security in schools, but it also empowers you to streamline workflows and better protect your students from digital harm.
*** This is a Security Bloggers Network syndicated blog from ManagedMethods authored by Alexa Sander. Read the original post at: https://managedmethods.com/blog/the-state-of-cyber-security-in-schools/