Threat actors — and particularly ransomware attackers — have education institutions in their crosshairs. From Vice Society’s September attack on schools in California to Snach’s late October assault on schools in Wisconsin, threat actors are not holding back when it comes to preying on schools. K-12 schools are the most vulnerable within the education industry, with many having only small staffs and even smaller budgets for defending against attacks. In addition, attacks have trickle-down effects on school staff, students and parents, who are often casualties in attacks that leak sensitive personally identifiable information (PII).
The X-Force Threat Intelligence Index consistently ranks education as one of the top ten targeted industries. Ransomware and adware are the top two attack types against education, according to the report, and phishing and brute force are the top infection vectors. Add to this that the average cost of a data breach for an educational institution is $3.86 million, and you have a recipe for a tough cybersecurity position for many schools today.
To the Defense
IBM recognizes this precarious situation for many schools, and so for the second year in a row has instituted the IBM Education Security Preparedness Grants program, aimed at helping educational institutions prepare for a significant cyberattack — such as ransomware — and create plans for resiliency.
IBM Security leaders recognized that their teams’ experience battling cyber threat actors — and especially ransomware actors — could provide significant benefits for the education sector, but that these services might not fit within the school’s budget.
One hundred and twenty schools applied for this year’s program in the US, with eight educational institutions in the US, Ireland and UAE receiving awards, and recipients in Costa Rica and Brazil to be announced in the near future.
This year’s winners include:
- City of Dublin Educational Training Board — Ireland
- Mohamed Bin Zayed University of Artificial Intelligence — UAE
- Cupertino Union School District — Sunnyvale, CA
- Rossville Cons. School District — Rossville, IN
- East China School District — East China, MI
- Newburgh Enlarged City School District — Newburgh, NY
- Goffstown School District — Goffstown, NH
- Prince William County Public Schools — Manassas, VA
Bringing in the Experts
The IBM Education Security Preparedness Grants program brings in cybersecurity experts and professional expertise from throughout IBM, with a focus on assistance from IBM Security X-Force. Over the course of several weeks, these experts will work with the institutions to improve their cybersecurity posture. This could include helping to create, hone and test incident response plans, develop ransomware playbooks, form vulnerability management plans, identify ways to incorporate new security technologies, and assist with cybersecurity awareness training.
Former participants have noted that “the IBM team was populated with top-tier experts and our team benefited greatly from all their knowledge and experience.” X-Force includes experts on penetration testing, incident response, threat intelligence, and cyber range simulations, who provide world-class consulting services for companies worldwide.
IBMers volunteer their time to support the Education Security Preparedness Grants and are motivated by the opportunity to support schools and the significance of the mission — helping to secure institutions that provide education for the next generation.
Nathan Abba, one of this year’s volunteers from the X-Force Incident Response team notes that, “This opportunity to volunteer my time and skills for community give-back at a K-12 school district is just personally rewarding. Knowing that IBM commits resources to help local communities makes me feel even better about being part of this company.”
Another volunteer, Priyank Chandra, from IBM Cloud Advisory, stated, “Schools are an important foundation of society and providing a secure foundation for their infrastructure is critical.” James Leone, a volunteer and IBM Cybersecurity Architect, recognizes that “cybersecurity is a talent that can be hard to find; I jumped at the chance to maximize the value of my contributions by volunteering this skillset.”
Previous recipients of IBM Education Security Preparedness Grants have realized concrete benefits for their school district as a result of the program. Brevard Public Schools, one of last year’s recipients, found the program extremely worthwhile. Barrett Puschus, Director of Information Technology for Brevard, noted that “before this grant, we were completely lacking in confidence in our cybersecurity. The IBM team came in and showed us how to create a cybersecurity strategy and plan for emergencies based on our needs. We feel optimistic about our cybersecurity posture today thanks to IBM’s help.”
IBM Security X-Force knows from experience that for many organizations, a significant cyberattack is not a matter of if, but when — and this appears to be increasingly true for schools. “If your main focus lies on keeping me out of your environment, then it’s already check mate,” Charles Henderson wrote in a Financial Times opinion piece last year. “Your mission should be to buy time, slow me down and ultimately contain my attack.”
The IBM Education Security Preparedness Grants are helping educational institutions worldwide to buy time, contain attacks, and appropriately respond when an incident occurs. Combined with additional initiatives to assist K-12 schools spearheaded by the US White House, CISA, K12 SIX, MS-ISAC, and others, IBM is contributing to a more robust cybersecurity posture for schools globally.
Get complete details on the IBM Education Security Preparedness Grants program here, and schedule a consult with IBM Security X-Force here.
Manager, X-Force Cyber Range Tech Team, IBM