When I was growing up, snow days (days off for inclement weather or heavy snowfall) weren’t uncommon. We’d get 24 hours or so of freedom, then mother nature would eventually step in and resolve the problem. But today’s kids are dealing with a new kind of snow day, one mother nature can’t help with — ransomware.

Unlike a snow day, a ransomware attack isn’t eventually remediated by mother nature. Instead, it can grind both school systems and classroom learning to a halt for days at a time, leaving behind a wake of destruction and financial woes.

More than 1,600 schools were targeted by ransomware in 2020 alone. This new emphasis on schools was highlighted in December when the FBI issued an alert warning that nearly 60% of ransomware incidents between August and September 2020 involved K-12 schools — a nearly 30% jump from the months prior.

And these attacks have a myriad of negative outcomes associated with them — costs to recover (or ransom payments to criminals) that can deplete already thin budgets; personnel, student and financial data can be compromised and leaked; and already delayed online learning can itself be disrupted. Forced school closures for days (or even weeks) at a time to remediate these attacks can have very real academic consequences for the nation’s youth, putting them behind in an already competitive education landscape.

https://youtu.be/Liw8VWz80rI

 A new attack surface

While ransomware is a known destructive threat to virtually every industry, its pursuit of schools is a fairly new focus. When COVID-19 forced schools across the country to quickly pivot to remote learning models, this expanded the attack surface for cybercriminals looking for quick and easy payouts. Attackers could take advantage of a plethora of groups new to navigating online systems. Everyone from kindergartners to staff and parents were experimenting with online classrooms, remote communications, offsite IT help and more.

Lack of cybersecurity awareness and training, shrinking educational budgets and scarce resources may also be why schools found themselves in cybercriminals’ crosshairs. A recent study by Morning Consult and sponsored by IBM Security surveyed 1,000 U.S. educators and administrators revealing how these factors may be contributing to industry risk:

  • Nearly 60% of educators and administrators say they haven’t been given cybersecurity training for remote learning, despite nearly 80% of educators reporting they’re using online learning.
  • Despite the FBI’s recent warning to schools, half of educators and administrators still aren’t concerned about impending cyberattacks.
  • More than half of administrators and educators say budget is a barrier in securing cybersecurity for their schools.
  • 60% of educators are using their own personal devices for remote learning, and 34% are doing so without any guidelines to protect those devices.

What schools can do now

School staff aren’t trained to be cybersecurity experts in addition to their work supporting students full time. However, there are a few things schools can do now to help educate and prepare staff so they have clear guidelines in the event of an attack.

  • Provide training. This might mean simply providing basic best practices related to device usage, password hygiene and safe video conferencing. Schools can also regularly test cybersecurity skills through email phishing exercises, or provide easy reference materials for staff through quick FAQ documents or short videos.
  • Make a plan. This could include putting together an incident response plan, or simply a phone tree to ensure the right personnel are contacted in the event of an attack and that students and parents are properly made aware of the situation. Once these plans are put in place they should also be rehearsed and tested, just like any other emergency such as fires or earthquakes.
  • Collaboration. One of the most crucial things any community can do to battle cyberattacks is collaborate. Whether schools open lines of communication with their local law enforcement, get lessons learned from neighboring schools that have witnessed an attack, or take advantage of free threat sharing services — the more intel gathered, the better prepared they can be for impending threats.

IT departments have a distinct set of actions they can take as well. A recent blog outlined several solid best practices technology teams can implement to help keep themselves safer from ransomware.

Dedicated to helping educators (and students) thrive

IBM Security is dedicated to helping prioritize cybersecurity in education, which is why they’ve recently announced a new $3 million grant aimed toward strengthening cybersecurity in schools. As part of the grant, IBM will provide expertise and services to up to six K-12 school districts in the United States to help them better prepare for and respond to cyberattacks. Eligible schools can now apply for the grant through March 1 via IBM.org.

If you have experienced a ransomware attack and would like immediate assistance from IBM Security X-Force incident response, please call our hotline at 1-888-241-9812 (US) or +001-312-212-8034 (Global). Learn more about X-Force’s threat intelligence and incident response services and how we help keep all organizations safer from cyber threats and offer powerful remediation for attacks that make it past your perimeter.

More from Cloud Security

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Cloud threat report: Possible trend in cloud credential “oversaturation”

3 min read - For years now, the dark web has built and maintained its own evolving economy, supported by the acquisition and sales of stolen data, user login credentials and business IP. But much like any market today, the dark web economy is subject to supply and demand.A recent X-Force Cloud Threat Landscape Report has shed light on this fact, revealing a new trend in the average prices for stolen cloud access credentials. Since 2022, there has been a steady decrease in market…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today