When I was growing up, snow days (days off for inclement weather or heavy snowfall) weren’t uncommon. We’d get 24 hours or so of freedom, then mother nature would eventually step in and resolve the problem. But today’s kids are dealing with a new kind of snow day, one mother nature can’t help with — ransomware.

Unlike a snow day, a ransomware attack isn’t eventually remediated by mother nature. Instead, it can grind both school systems and classroom learning to a halt for days at a time, leaving behind a wake of destruction and financial woes.

More than 1,600 schools were targeted by ransomware in 2020 alone. This new emphasis on schools was highlighted in December when the FBI issued an alert warning that nearly 60% of ransomware incidents between August and September 2020 involved K-12 schools — a nearly 30% jump from the months prior.

And these attacks have a myriad of negative outcomes associated with them — costs to recover (or ransom payments to criminals) that can deplete already thin budgets; personnel, student and financial data can be compromised and leaked; and already delayed online learning can itself be disrupted. Forced school closures for days (or even weeks) at a time to remediate these attacks can have very real academic consequences for the nation’s youth, putting them behind in an already competitive education landscape.

 A New Attack Surface

While ransomware is a known destructive threat to virtually every industry, its pursuit of schools is a fairly new focus. When COVID-19 forced schools across the country to quickly pivot to remote learning models, this expanded the attack surface for cybercriminals looking for quick and easy payouts. Attackers could take advantage of a plethora of groups new to navigating online systems. Everyone from kindergartners to staff and parents were experimenting with online classrooms, remote communications, offsite IT help and more.

Lack of cybersecurity awareness and training, shrinking educational budgets and scarce resources may also be why schools found themselves in cybercriminals’ crosshairs. A recent study by Morning Consult and sponsored by IBM Security surveyed 1,000 U.S. educators and administrators revealing how these factors may be contributing to industry risk:

  • Nearly 60% of educators and administrators say they haven’t been given cybersecurity training for remote learning, despite nearly 80% of educators reporting they’re using online learning.
  • Despite the FBI’s recent warning to schools, half of educators and administrators still aren’t concerned about impending cyberattacks.
  • More than half of administrators and educators say budget is a barrier in securing cybersecurity for their schools.
  • 60% of educators are using their own personal devices for remote learning, and 34% are doing so without any guidelines to protect those devices.

What Schools Can Do Now

School staff aren’t trained to be cybersecurity experts in addition to their work supporting students full time. However, there are a few things schools can do now to help educate and prepare staff so they have clear guidelines in the event of an attack.

  • Provide Training. This might mean simply providing basic best practices related to device usage, password hygiene and safe video conferencing. Schools can also regularly test cybersecurity skills through email phishing exercises, or provide easy reference materials for staff through quick FAQ documents or short videos.
  • Make a plan. This could include putting together an incident response plan, or simply a phone tree to ensure the right personnel are contacted in the event of an attack and that students and parents are properly made aware of the situation. Once these plans are put in place they should also be rehearsed and tested, just like any other emergency such as fires or earthquakes.
  • Collaboration. One of the most crucial things any community can do to battle cyberattacks is collaborate. Whether schools open lines of communication with their local law enforcement, get lessons learned from neighboring schools that have witnessed an attack, or take advantage of free threat sharing services — the more intel gathered, the better prepared they can be for impending threats.

IT departments have a distinct set of actions they can take as well. A recent blog outlined several solid best practices technology teams can implement to help keep themselves safer from ransomware.

Dedicated to Helping Educators (and Students) Thrive

IBM Security is dedicated to helping prioritize cybersecurity in education, which is why they’ve recently announced a new $3 million grant aimed toward strengthening cybersecurity in schools. As part of the grant, IBM will provide expertise and services to up to six K-12 school districts in the United States to help them better prepare for and respond to cyberattacks. Eligible schools can now apply for the grant through March 1 via IBM.org.

If you have experienced a ransomware attack and would like immediate assistance from IBM Security X-Force incident response, please call our hotline at 1-888-241-9812 (US) or +001-312-212-8034 (Global). Learn more about X-Force’s threat intelligence and incident response services and how we help keep all organizations safer from cyber threats and offer powerful remediation for attacks that make it past your perimeter.

More from Cloud Security

How Posture Management Prevents Catastrophic Cloud Breaches

We've all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration. Many big cloud security catastrophes often result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall. Could a proper configuration have prevented that breach?…

How to Implement Cloud Identity and Access Governance

Creating identity and access governance across cloud environments is crucial for modern organizations. In our previous post, we discussed how important human and non-human identities are for these environments and why their management and the governance of their access can be difficult. In the face of these challenges, our cloud identity and access governance (CIAG) approach offers an orchestration layer between cloud identity and access management (IAM) and enterprise IAM, as the following graphic shows. As we continue our CIAG…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Why Are Cloud Misconfigurations Still a Major Issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe. With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And…