Dive Brief:
- Connecticut's Hartford Public Schools this week announced it would delay the start of school, scheduled for Sept. 8, due to a ransomware attack that "caused an outage of critical systems," including one that communicates transportation routes to the district's school bus company.
- Superintendent Leslie Torres-Rodriguez told NBC News she does not believe the attack compromised the personal information of students and staff.
- The Hartford attack came roughly a week after Miami-Dade County Public Schools, in Florida, fell victim to a string of distributed denial-of-service (DDoS) attacks perpetrated by a 16-year-old student during its first week of remote learning in the new school year.
Dive Insight:
K-12 is one of the most-targeted sectors for cyberattacks due to a combination of the amount of personal data held by schools and districts' lack of funds for strong cybersecurity measures. Ransomware attacks have been particularly popular.
In such an attack, a system is infected with malware that encrypts network data and prohibits access. The perpetrators then demand a ransom in exchange for an encryption code that will free access to the data. The situation is especially debilitating for organizations like school districts that need steady access to all of their files. And while skilled tech professionals can manually restore previous files or even work to break the encryption, both options are time-consuming, and many organizations opt to pay the ransom to save themselves the work.
The method is so successful that, in 2017, it was estimated to have raked in around $25 million from school districts.
"As the school year kicks off, school districts should benchmark their cybersecurity practices against well-regarded risk management frameworks like NIST's Cybersecurity Framework, be sure their cybersecurity incident response plans are up-to-date, and look to join or participate in school-specific threat intelligence sharing communities," Doug Levin, president of EdTech Strategies and the K-12 Cybersecurity Resource Center, told Education Dive in an email.
The K-12 Cybersecurity Resource Center recently launched a district self-assessment resource that generates a list of prioritized steps for administrators to take in order to tighten their cybersecurity practices and defenses.
Earlier this year, Levin also described a handful of risks present in remote learning, including from students or educators who might be using a personal home device that is unpatched and unprotected. With protections in place on school networks lowered in some cases to better allow for remote access, this runs the risk of introducing malware to school networks and systems.
There's also the threat of malware infecting a school-issued device while offsite, in a student or educator's home, and then being introduced to the school network once face-to-face learning resumes.
Ultimately, the end user is still the greatest potential cybersecurity threat, however, and training students and educators to identify phishing attempts in emails, suspicious websites and other scams is key. The beginning of the school year often lends itself to a spike in incidents, as well, as educators and other staff may become less scrutinizing while clearing the backlog of summer emails.