Schools Must Call for Resiliency in the Face of Increasing Cyber Threats

The impact of a data breach can shake any organization, and when it comes to the education sector, schools are being forced to close their doors and wait for the crisis to pass. Although schools remain the second highest targets of ransomware attacks, little has been done to alleviate these issues.

In July and August 2019, the number of publicly disclosed security incidents in K-12 schools reached 160 — exceeding the total of all incidents experienced in 2018 by 30 percent. Breaches of all kinds are impacting schools in extreme ways — by causing panic among faculty, families and children and disrupting students’ education. Hefty ransomware demands are paralyzing districts and creating an urgent need for immediate solutions.

The Education Sector Is Facing a Crisis

It’s one thing for impassable roads to hit pause on a school schedule. It’s an entirely different and unacceptable scenario when cyber extortion not only gets in the way of educating our youth but puts data pertaining to their health, academics and social development at risk of exposure and compromise — not to mention the public funds that are flushed away to ransom payments and cleanup efforts. Yet here we are, co-existing with cybercrime as the new normal and witnessing escalating ransomware attacks turn schools into the second-largest victims of all industries.

The pace of growth of the “digital school district” continues to climb given the many benefits technology brings to students and educators. Funding for educational technology has increased by 62 percent in the last three years and the new U.S. Digital Equity Act proposes to commit federal dollars to bring even more tech to the classroom. And while the many benefits of the digital classroom are clear, this rapid growth, combined with complexity and continued restricted budgets for management, makes our schools and our students increasingly vulnerable.

When Complexity and Risk Plague Today’s Digital Classroom, Resilience Matters

Technology is no doubt an asset, though we need to acknowledge not just the risks to student safety and privacy it poses, but also the complexity that IT folks have to wrangle. Education IT leaders once responsible for a few hundred devices, a few dozen apps, and a single network have now found themselves managing tens of thousands of devices (as 82 percent of schools now provide students with them), hundreds of apps, and a distributed set of users accessing unknown networks — all with limited resources and budget in most cases. Meanwhile, by clicking on one bad link on a school-issued device, a student can become a conduit for a ransomware attack.

As endpoint and environmental complexities increase, and risk alongside them, it’s no surprise that 68 percent of education IT leaders in the U.S. list cybersecurity as their top priority. In tandem, several state governments, including Louisiana, Texas and North Dakota, have stepped up their efforts to safeguard schools against cyberattacks with various measures such as cyber policy mandates, cyber commission formation, and state IT department oversight for schools.

For policymakers, educational institutions and their IT leaders, and even concerned parents, collaborative cybersecurity efforts should rally around the concept of resilience, or the ability to bounce back. Here are three steps to get on the path to cyber resiliency:

  1. Battle the false sense of security. Millions of dollars of public funds are invested in applying security controls in schools — giving parents and educators a false sense of security. Many of these controls are fragile or bypassable — meaning that without consistent monitoring, you may be more exposed than you think. Make the most of the tools you already have and spend your budget on more impactful projects. Ask the question, “Are the controls we already have in place functioning at all times?” Security controls cannot protect you when they are taken offline by wily students, or bypassed. Foundational device controls include, at a minimum, anti-malware, encryption, authorized VPN, patch/client management, and web-filtering/firewalling on the client — and all need to be based on a platform that enables visibility and resilience for IT.
  2. Strengthen your immune system. In the complex world of endpoint security, increased security spending does not equate to increased safety any more than taking more vitamins guarantees you will never get the flu. In fact, every additional security tool, while adding protection, also increases the complexity on the endpoint and therefore the probability of failure as agents. A recent Absolute study reveals schools that have encryption in place experience agent failures on an average of nine devices per day — almost half of which never recover, leaving students and staff at risk of potential data breaches. In order to protect your students, your data, and your investment, ensure you have fundamental controls activated to gain a persistent connection to each device — on or off the school network. It’s only then that you can repair or replace critical apps that have been disabled or removed.
  3. Make cybersecurity the air students breathe. Creating a culture of online security and open communication about online threats is not just good practice, it’s an ethical responsibility. Turn it into a game; teach students what attackers do, test them on practical examples, and give each of them a sense of achievement when they win. Yammering on about ransomware crippling the school or how awful an attack would be for their district is unlikely to stop an 11-year-old trying to circumvent security policies. Let them know what villains may try to do, and challenge them to step up and help stop them. Provide a means for them to report suspicious online behavior without fear of punishment. Make them the hero of the cyber resilience story.

Heeding these steps will ultimately prepare schools to successfully overcome a ransomware attack by ensuring it’s business as usual no matter the extent of the breach. While we must understand the importance of a thriving digital classroom, the education sector must also recognize the threats that come along with these advancements.  

About the Author

Christy Wyatt is CEO of Absolute.
