Threat actors — and particularly ransomware attackers — have education institutions in their crosshairs. From Vice Society’s September attack on schools in California to Snach’s late October assault on schools in Wisconsin, threat actors are not holding back when it comes to preying on schools. K-12 schools are the most vulnerable within the education industry, with many having only small staffs and even smaller budgets for defending against attacks. In addition, attacks have trickle-down effects on school staff, students and parents, who are often casualties in attacks that leak sensitive personally identifiable information (PII).

The X-Force Threat Intelligence Index consistently ranks education as one of the top ten targeted industries. Ransomware and adware are the top two attack types against education, according to the report, and phishing and brute force are the top infection vectors. Add to this that the average cost of a data breach for an educational institution is $3.86 million, and you have a recipe for a tough cybersecurity position for many schools today.

To the Defense

IBM recognizes this precarious situation for many schools, and so for the second year in a row has instituted the IBM Education Security Preparedness Grants program, aimed at helping educational institutions prepare for a significant cyberattack — such as ransomware — and create plans for resiliency.

IBM Security leaders recognized that their teams’ experience battling cyber threat actors — and especially ransomware actors — could provide significant benefits for the education sector, but that these services might not fit within the school’s budget.

One hundred and twenty schools applied for this year’s program in the US, with eight educational institutions in the US, Ireland and UAE receiving awards, and recipients in Costa Rica and Brazil to be announced in the near future.

This year’s winners include:

  • City of Dublin Educational Training Board — Ireland
  • Mohamed Bin Zayed University of Artificial Intelligence — UAE
  • Cupertino Union School District — Sunnyvale, CA
  • Rossville Cons. School District — Rossville, IN
  • East China School District — East China, MI
  • Newburgh Enlarged City School District — Newburgh, NY
  • Goffstown School District — Goffstown, NH
  • Prince William County Public Schools — Manassas, VA

Bringing in the Experts

The IBM Education Security Preparedness Grants program brings in cybersecurity experts and professional expertise from throughout IBM, with a focus on assistance from IBM Security X-Force. Over the course of several weeks, these experts will work with the institutions to improve their cybersecurity posture. This could include helping to create, hone and test incident response plans, develop ransomware playbooks, form vulnerability management plans, identify ways to incorporate new security technologies, and assist with cybersecurity awareness training.

Former participants have noted that “the IBM team was populated with top-tier experts and our team benefited greatly from all their knowledge and experience.” X-Force includes experts on penetration testing, incident response, threat intelligence, and cyber range simulations, who provide world-class consulting services for companies worldwide.

IBMers volunteer their time to support the Education Security Preparedness Grants and are motivated by the opportunity to support schools and the significance of the mission — helping to secure institutions that provide education for the next generation.

Nathan Abba, one of this year’s volunteers from the X-Force Incident Response team notes that, “This opportunity to volunteer my time and skills for community give-back at a K-12 school district is just personally rewarding. Knowing that IBM commits resources to help local communities makes me feel even better about being part of this company.”

Another volunteer, Priyank Chandra, from IBM Cloud Advisory, stated, “Schools are an important foundation of society and providing a secure foundation for their infrastructure is critical.” James Leone, a volunteer and IBM Cybersecurity Architect, recognizes that “cybersecurity is a talent that can be hard to find; I jumped at the chance to maximize the value of my contributions by volunteering this skillset.”

Real Results

Previous recipients of IBM Education Security Preparedness Grants have realized concrete benefits for their school district as a result of the program. Brevard Public Schools, one of last year’s recipients, found the program extremely worthwhile. Barrett Puschus, Director of Information Technology for Brevard, noted that “before this grant, we were completely lacking in confidence in our cybersecurity. The IBM team came in and showed us how to create a cybersecurity strategy and plan for emergencies based on our needs. We feel optimistic about our cybersecurity posture today thanks to IBM’s help.”

IBM Security X-Force knows from experience that for many organizations, a significant cyberattack is not a matter of if, but when — and this appears to be increasingly true for schools. “If your main focus lies on keeping me out of your environment, then it’s already check mate,” Charles Henderson wrote in a Financial Times opinion piece last year. “Your mission should be to buy time, slow me down and ultimately contain my attack.”

The IBM Education Security Preparedness Grants are helping educational institutions worldwide to buy time, contain attacks, and appropriately respond when an incident occurs. Combined with additional initiatives to assist K-12 schools spearheaded by the US White House, CISA, K12 SIX, MS-ISAC, and others, IBM is contributing to a more robust cybersecurity posture for schools globally.

Get complete details on the IBM Education Security Preparedness Grants program here, and schedule a consult with IBM Security X-Force here.

More from Defensive Security

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today