Why Educational Institutions are Prone to Ransomware Attacks (and What They Can Do to Protect Themselves)
is the most significant information
threat in the education sector, and K–12 schools and colleges and
universities are both targets. For example, Los
Angeles Unified School District,
the second largest district in the U.S. with more than 1,000 schools
and 600,000 students, was recently hit by a ransomware attack,
disrupting access to its IT systems. Following a cyber-attack in
December 2021, Lincoln
had to shut down the following May as all systems required for
recruitment, retention and fundraising efforts were still inoperable.
But why are educational systems an enticing target for ransomware
attacks, and how can they improve their cyber defenses?
addressing defense tips, let’s first review why educational
institutions are targeted by hackers. First, at the K–12 level,
many school systems are underfunded and can’t afford the same
sophisticated cyber-defenses that protect businesses. Few have
dedicated teams of cybersecurity professionals. Schools often rely on
older, more vulnerable IT systems that aren’t patched or updated on
a regular basis. And with services exposed to the Internet, as well
as teachers and students using their own computers and devices to log
in remotely, school systems present a large attack surface for
hackers to exploit. Many of these problems also exist at the college
schools and colleges find themselves with little recourse but to pay
if they’re hit with a ransomware attack. When attackers infiltrate
a school district’s network, they can lock employees out of
computers and systems while gaining access to valuable and sensitive
personal information. Most schools and systems don’t have the
technical sophistication to recover data in the event of a breach.
For administrators, the desire to avoid disrupting classrooms coupled
with the possible consequences of an online data leak creates massive
pressure to pay ransoms (which have gone as high as half a million
short, the combination of being soft targets and having a higher
propensity to pay makes schools almost irresistible to hackers.
the growing cyber threat, however, there are effective strategies for
making schools more secure (especially in the era of hybrid learning)
and ways to improve threat detection and prevention.
first step is to prioritize ransomware awareness among school
administration, teachers and students. Introducing security concepts
through awareness training programs can help users to adopt safe
practices when accessing computers, systems and login credentials.
security awareness education should include:
phishing attempts (in which attackers attempt to trick users into
providing their login credentials);
email security best practices (detecting emails from malicious
weak or exposed passwords; and
incidents to the IT department.
important strategy for reducing the cyber risk to schools and
minimize the threat of ransomware is to prioritize the implementation
of tools for:
Filtering: This includes blocking restricted content and additional
capabilities to prevent access to websites, emails, or files that can
lead to vulnerabilities and incidents. These restrictions provide
excellent protection against threats and support adherence to
compliance regulations, such as the Children’s Internet Protection
Act (CIPA). Content filtering can be deployed using hardware
appliances or software as a service (SaaS).
Access: Visibility tools that can track and expose threats and
identify user behavior contributing to a compromised network are a
must-have for achieving compliance. Monitoring network security
threats, issues and trends accelerate the ability to eliminate
threats, set meaningful security policies across the network, and
meet critical compliance mandates.
authentication (MFA): Password-only authentication systems are
inherently weak and stolen credentials are often used in ransomware
attacks. MFA requires additional verification (such as a biometric
like a fingerprint or entering a code on a recognized mobile device)
before a user is granted access to a network or data. Educational
institutions should implement MFA alongside any bring your own device
(BYOD) program to protect user access. Look for a solution with an
optimal user experience that can make it easy to enable
authentication right from a user’s own phone after a simple install
WiFi: WiFi is critical to enable learning, admin, and teaching
duties in a school setting. To deliver secure Internet access, focus
on private networks and access points that can handle density without
risks. Consider Cloud-managed WiFi solutions for optimized
performance, greater visibility and reporting.
final strategy for protecting educational systems is having a
well established backup and
disaster recovery plan.
That means identifying
the most sensitive files to be backed up, as well as which back-up
files need to be secured offline. In addition, individual schools
should have their own back-up. When it comes to backups, consider the
Keep three copies of any important files: one primary and two
Keep the back-up files on two different storage media.
Store one copy offsite.
remember that for a disaster recovery plan to be truly effective,
practice makes perfect. Don’t wait until a ransomware attack occurs
to find out whether your plan actually works.
schools continue adapting to hybrid learning, e-learning, and other
more flexible student learning experiences, threat actors will likely
continue to take advantage of educational systems. It’s paramount
for K–12 schools and high educational institutions to discuss and
implement strategies to secure hybrid learning, threat detection and
prevention and create awareness training for all levels of employees
and students. It’s also just as crucial for individuals outside of
the education sector to support the initiatives that empower schools
with the tools and resources to enable a secure learning environment
so communities can learn anywhere, anytime.
Sam Manjarres is Senior Product Marketing Manager at WatchGuard.