When I was growing up, snow days (days off for inclement weather or heavy snowfall) weren’t uncommon. We’d get 24 hours or so of freedom, then mother nature would eventually step in and resolve the problem. But today’s kids are dealing with a new kind of snow day, one mother nature can’t help with — ransomware.

Unlike a snow day, a ransomware attack isn’t eventually remediated by mother nature. Instead, it can grind both school systems and classroom learning to a halt for days at a time, leaving behind a wake of destruction and financial woes.

More than 1,600 schools were targeted by ransomware in 2020 alone. This new emphasis on schools was highlighted in December when the FBI issued an alert warning that nearly 60% of ransomware incidents between August and September 2020 involved K-12 schools — a nearly 30% jump from the months prior.

And these attacks have a myriad of negative outcomes associated with them — costs to recover (or ransom payments to criminals) that can deplete already thin budgets; personnel, student and financial data can be compromised and leaked; and already delayed online learning can itself be disrupted. Forced school closures for days (or even weeks) at a time to remediate these attacks can have very real academic consequences for the nation’s youth, putting them behind in an already competitive education landscape.

 A new attack surface

While ransomware is a known destructive threat to virtually every industry, its pursuit of schools is a fairly new focus. When COVID-19 forced schools across the country to quickly pivot to remote learning models, this expanded the attack surface for cybercriminals looking for quick and easy payouts. Attackers could take advantage of a plethora of groups new to navigating online systems. Everyone from kindergartners to staff and parents were experimenting with online classrooms, remote communications, offsite IT help and more.

Lack of cybersecurity awareness and training, shrinking educational budgets and scarce resources may also be why schools found themselves in cybercriminals’ crosshairs. A recent study by Morning Consult and sponsored by IBM Security surveyed 1,000 U.S. educators and administrators revealing how these factors may be contributing to industry risk:

  • Nearly 60% of educators and administrators say they haven’t been given cybersecurity training for remote learning, despite nearly 80% of educators reporting they’re using online learning.
  • Despite the FBI’s recent warning to schools, half of educators and administrators still aren’t concerned about impending cyberattacks.
  • More than half of administrators and educators say budget is a barrier in securing cybersecurity for their schools.
  • 60% of educators are using their own personal devices for remote learning, and 34% are doing so without any guidelines to protect those devices.

What schools can do now

School staff aren’t trained to be cybersecurity experts in addition to their work supporting students full time. However, there are a few things schools can do now to help educate and prepare staff so they have clear guidelines in the event of an attack.

  • Provide training. This might mean simply providing basic best practices related to device usage, password hygiene and safe video conferencing. Schools can also regularly test cybersecurity skills through email phishing exercises, or provide easy reference materials for staff through quick FAQ documents or short videos.
  • Make a plan. This could include putting together an incident response plan, or simply a phone tree to ensure the right personnel are contacted in the event of an attack and that students and parents are properly made aware of the situation. Once these plans are put in place they should also be rehearsed and tested, just like any other emergency such as fires or earthquakes.
  • Collaboration. One of the most crucial things any community can do to battle cyberattacks is collaborate. Whether schools open lines of communication with their local law enforcement, get lessons learned from neighboring schools that have witnessed an attack, or take advantage of free threat sharing services — the more intel gathered, the better prepared they can be for impending threats.

IT departments have a distinct set of actions they can take as well. A recent blog outlined several solid best practices technology teams can implement to help keep themselves safer from ransomware.

Dedicated to helping educators (and students) thrive

IBM Security is dedicated to helping prioritize cybersecurity in education, which is why they’ve recently announced a new $3 million grant aimed toward strengthening cybersecurity in schools. As part of the grant, IBM will provide expertise and services to up to six K-12 school districts in the United States to help them better prepare for and respond to cyberattacks. Eligible schools can now apply for the grant through March 1 via IBM.org.

If you have experienced a ransomware attack and would like immediate assistance from IBM Security X-Force incident response, please call our hotline at 1-888-241-9812 (US) or +001-312-212-8034 (Global). Learn more about X-Force’s threat intelligence and incident response services and how we help keep all organizations safer from cyber threats and offer powerful remediation for attacks that make it past your perimeter.

More from Cloud Security

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today