When I was growing up, snow days (days off for inclement weather or heavy snowfall) weren’t uncommon. We’d get 24 hours or so of freedom, then mother nature would eventually step in and resolve the problem. But today’s kids are dealing with a new kind of snow day, one mother nature can’t help with — ransomware.

Unlike a snow day, a ransomware attack isn’t eventually remediated by mother nature. Instead, it can grind both school systems and classroom learning to a halt for days at a time, leaving behind a wake of destruction and financial woes.

More than 1,600 schools were targeted by ransomware in 2020 alone. This new emphasis on schools was highlighted in December when the FBI issued an alert warning that nearly 60% of ransomware incidents between August and September 2020 involved K-12 schools — a nearly 30% jump from the months prior.

And these attacks have a myriad of negative outcomes associated with them — costs to recover (or ransom payments to criminals) that can deplete already thin budgets; personnel, student and financial data can be compromised and leaked; and already delayed online learning can itself be disrupted. Forced school closures for days (or even weeks) at a time to remediate these attacks can have very real academic consequences for the nation’s youth, putting them behind in an already competitive education landscape.


 A new attack surface

While ransomware is a known destructive threat to virtually every industry, its pursuit of schools is a fairly new focus. When COVID-19 forced schools across the country to quickly pivot to remote learning models, this expanded the attack surface for cybercriminals looking for quick and easy payouts. Attackers could take advantage of a plethora of groups new to navigating online systems. Everyone from kindergartners to staff and parents were experimenting with online classrooms, remote communications, offsite IT help and more.

Lack of cybersecurity awareness and training, shrinking educational budgets and scarce resources may also be why schools found themselves in cybercriminals’ crosshairs. A recent study by Morning Consult and sponsored by IBM Security surveyed 1,000 U.S. educators and administrators revealing how these factors may be contributing to industry risk:

  • Nearly 60% of educators and administrators say they haven’t been given cybersecurity training for remote learning, despite nearly 80% of educators reporting they’re using online learning.
  • Despite the FBI’s recent warning to schools, half of educators and administrators still aren’t concerned about impending cyberattacks.
  • More than half of administrators and educators say budget is a barrier in securing cybersecurity for their schools.
  • 60% of educators are using their own personal devices for remote learning, and 34% are doing so without any guidelines to protect those devices.

What schools can do now

School staff aren’t trained to be cybersecurity experts in addition to their work supporting students full time. However, there are a few things schools can do now to help educate and prepare staff so they have clear guidelines in the event of an attack.

  • Provide training. This might mean simply providing basic best practices related to device usage, password hygiene and safe video conferencing. Schools can also regularly test cybersecurity skills through email phishing exercises, or provide easy reference materials for staff through quick FAQ documents or short videos.
  • Make a plan. This could include putting together an incident response plan, or simply a phone tree to ensure the right personnel are contacted in the event of an attack and that students and parents are properly made aware of the situation. Once these plans are put in place they should also be rehearsed and tested, just like any other emergency such as fires or earthquakes.
  • Collaboration. One of the most crucial things any community can do to battle cyberattacks is collaborate. Whether schools open lines of communication with their local law enforcement, get lessons learned from neighboring schools that have witnessed an attack, or take advantage of free threat sharing services — the more intel gathered, the better prepared they can be for impending threats.

IT departments have a distinct set of actions they can take as well. A recent blog outlined several solid best practices technology teams can implement to help keep themselves safer from ransomware.

Dedicated to helping educators (and students) thrive

IBM Security is dedicated to helping prioritize cybersecurity in education, which is why they’ve recently announced a new $3 million grant aimed toward strengthening cybersecurity in schools. As part of the grant, IBM will provide expertise and services to up to six K-12 school districts in the United States to help them better prepare for and respond to cyberattacks. Eligible schools can now apply for the grant through March 1 via IBM.org.

If you have experienced a ransomware attack and would like immediate assistance from IBM Security X-Force incident response, please call our hotline at 1-888-241-9812 (US) or +001-312-212-8034 (Global). Learn more about X-Force’s threat intelligence and incident response services and how we help keep all organizations safer from cyber threats and offer powerful remediation for attacks that make it past your perimeter.

More from Cloud Security

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

Cloud security uncertainty: Do you know where your data is?

3 min read - How well are security leaders sleeping at night? According to a recent Gigamon report, it appears that many cyber professionals are restless and worried.In the report, 50% of IT and security leaders surveyed lack confidence in knowing where their most sensitive data is stored and how it’s secured. Meanwhile, another 56% of respondents say undiscovered blind spots being exploited is the leading concern making them restless.The report reveals the ongoing need for improved cloud and hybrid cloud security. Solutions to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today