Developing a school-centric, anti-threat strategy is a great start.
GUEST COLUMN | by Rob Cheng
COVID-19 brought more than an overnight shift to remote schooling. It generated a new record in cyberattacks against schools, an 18 percent increase over the previous year. A report from the K-12 Cybersecurity Resource Center noted 377 school districts across 40 states experienced a record-setting 408 publicly disclosed cybersecurity incidents. Many of these incidents caused school closures, millions in stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud.
The pandemic also brought new threats like class and meeting invasions as students and teachers moved to Zoom-style conferencing. An estimated 45 percent of the incidents also included email invasion, unattributed malware, website and social media defacement, and a wide variety of related and/or low-frequency incidents.
In 2020, some 36 percent of the K-12 incidents were data breaches/leaks. Alarmingly, it wasn’t school staff or students contributing the most to these incidents. In 75 percent of the data breaches involving personal information, the root cause was the security practices of the school vendors and partners providing administrative services to school districts.
Answering K-12 Cybersecurity Needs
While Zoom invasions were a new addition, the reality is data breaches and ransomware are regularly occurring attacks.
What the COVID-year attacks have shown is that school districts need to improve their cyber defense infrastructure for both remote and onsite work environments. The survey offers these four recommendations:
1. Invest in greater IT security capacity dedicated to the unique needs of schools
2. Enact federal and state school cybersecurity regulations to ensure minimum school district and vendor cybersecurity practices
3. Support K-12 specific cybersecurity information sharing and research
4. Invest in the development of K-12 specific cybersecurity tools
Closing the Cybersecurity Gaps
According to the K-12 survey, while the absolute number of ransomware incidents (12%) decreased in 2020, the severity increased, with some extortion demands far exceeding $1 million per incident. School closures and class cancellations associated with ransomware incidents (in some cases lasting a week or longer) tripled from the prior year to 15 school districts across 13 states, the survey reported.
In March, the FBI released a TLP:WHITE Flash alert on PYSA ransomware attacks on educational institutions, including K-12 districts. Exfiltration of data and crucial files, leading to credit fraud and identity theft, is the outcome of these attacks.
Key contributors to ransomware, email invasion and resultant data breaches are unauthorized access to student or staff files and applications, and inadvertently opening the school network to threats via phishing. To combat these threats, here are five anti-threat actions school districts can take:
1. Apply application whitelisting. This key tool allows only specified programs to run, while blocking all other applications. With students learning remotely, and with staff moving between remote and campus locations, whitelisting is a way to ensure, regardless of device or user, that malicious files cannot enter the network. If other layers fail in a security stack, whitelisting will block malware from running on a workstation.
2. Password updating is essential. Students and staff need to keep personal and school passwords separate, use multi-factor authentication and change passwords every six months. Personal email accounts should not be opened via the district network.
3. Phishing threat education must be constant. In 2020, spear phishing resulted in a record-setting $9.8 million stolen from a single school district. Staff opening supposedly legitimate emails written specifically for them was a rich opportunity for cybercriminals. The student population is another phishing target for a widespread attack. Combining improved email security filters with educational reminders on phishing threats is imperative.
4. Vendor scrutiny needs to be tightened up. Requiring third-party vendors to embrace security measures like whitelisting is another K-12 security measure. As the survey notes, school districts should more stringently vet the security policies and practices of all their vendors at the time of procurement and periodically over the life of a contractual relationship.
5. Patching updates must be timely. Some 30,000 U.S. organizations, including educational institutions, were hacked due to flaws in the Microsoft Exchange Server. Microsoft did release emergency updates for the server issue. If the update was not applied, or was applied late, however, the result was a major assault.
Becoming Proactive and Powerful
During 2020, cybercriminals capitalized on the disruption caused by COVID and successfully executed a record number of new attacks. School districts can fight back by adding more access control and email security tools, communicating regularly on threats, and making sure patching is current. It is the way to win the war on cybercrime.
Rob Cheng is the founder and CEO of South Carolina-based cybersecurity firm PC Matic. Rob is a world-renowned cybersecurity expert and speaker who has been featured in national outlets and publications such as Fox News Channel, The Associated Press and USA Today. Best known for his role as the spokesperson for PC Matic on a host of national television campaigns, Rob’s expertise has led to the company becoming a leader in the global cybersecurity market.