When I was growing up, snow days (days off for inclement weather or heavy snowfall) weren’t uncommon. We’d get 24 hours or so of freedom, then mother nature would eventually step in and resolve the problem. But today’s kids are dealing with a new kind of snow day, one mother nature can’t help with — ransomware.

Unlike a snow day, a ransomware attack isn’t eventually remediated by mother nature. Instead, it can grind both school systems and classroom learning to a halt for days at a time, leaving behind a wake of destruction and financial woes.

More than 1,600 schools were targeted by ransomware in 2020 alone. This new emphasis on schools was highlighted in December when the FBI issued an alert warning that nearly 60% of ransomware incidents between August and September 2020 involved K-12 schools — a nearly 30% jump from the months prior.

And these attacks have a myriad of negative outcomes associated with them — costs to recover (or ransom payments to criminals) that can deplete already thin budgets; personnel, student and financial data can be compromised and leaked; and already delayed online learning can itself be disrupted. Forced school closures for days (or even weeks) at a time to remediate these attacks can have very real academic consequences for the nation’s youth, putting them behind in an already competitive education landscape.

 A new attack surface

While ransomware is a known destructive threat to virtually every industry, its pursuit of schools is a fairly new focus. When COVID-19 forced schools across the country to quickly pivot to remote learning models, this expanded the attack surface for cybercriminals looking for quick and easy payouts. Attackers could take advantage of a plethora of groups new to navigating online systems. Everyone from kindergartners to staff and parents were experimenting with online classrooms, remote communications, offsite IT help and more.

Lack of cybersecurity awareness and training, shrinking educational budgets and scarce resources may also be why schools found themselves in cybercriminals’ crosshairs. A recent study by Morning Consult and sponsored by IBM Security surveyed 1,000 U.S. educators and administrators revealing how these factors may be contributing to industry risk:

• Nearly 60% of educators and administrators say they haven’t been given cybersecurity training for remote learning, despite nearly 80% of educators reporting they’re using online learning.
• Despite the FBI’s recent warning to schools, half of educators and administrators still aren’t concerned about impending cyberattacks.
• More than half of administrators and educators say budget is a barrier in securing cybersecurity for their schools.
• 60% of educators are using their own personal devices for remote learning, and 34% are doing so without any guidelines to protect those devices.

What schools can do now

School staff aren’t trained to be cybersecurity experts in addition to their work supporting students full time. However, there are a few things schools can do now to help educate and prepare staff so they have clear guidelines in the event of an attack.

• Provide training. This might mean simply providing basic best practices related to device usage, password hygiene and safe video conferencing. Schools can also regularly test cybersecurity skills through email phishing exercises, or provide easy reference materials for staff through quick FAQ documents or short videos.
• Make a plan. This could include putting together an incident response plan, or simply a phone tree to ensure the right personnel are contacted in the event of an attack and that students and parents are properly made aware of the situation. Once these plans are put in place they should also be rehearsed and tested, just like any other emergency such as fires or earthquakes.
• Collaboration. One of the most crucial things any community can do to battle cyberattacks is collaborate. Whether schools open lines of communication with their local law enforcement, get lessons learned from neighboring schools that have witnessed an attack, or take advantage of free threat sharing services — the more intel gathered, the better prepared they can be for impending threats.

IT departments have a distinct set of actions they can take as well. A recent blog outlined several solid best practices technology teams can implement to help keep themselves safer from ransomware.

Dedicated to helping educators (and students) thrive

IBM Security is dedicated to helping prioritize cybersecurity in education, which is why they’ve recently announced a new $3 million grant aimed toward strengthening cybersecurity in schools. As part of the grant, IBM will provide expertise and services to up to six K-12 school districts in the United States to help them better prepare for and respond to cyberattacks. Eligible schools can now apply for the grant through March 1 via IBM.org.

If you have experienced a ransomware attack and would like immediate assistance from IBM Security X-Force incident response, please call our hotline at 1-888-241-9812 (US) or +001-312-212-8034 (Global). Learn more about X-Force’s threat intelligence and incident response services and how we help keep all organizations safer from cyber threats and offer powerful remediation for attacks that make it past your perimeter.