Nearly 50 school districts and colleges have been pummeled by ransomware and other forms of cyberattacks in recent months. These have ranged in nature from disruptive, as in the case of the Flagstaff two-day closure, to catastrophic, such as in Louisiana where the governor recently declared a state of emergency following “severe, intentional security breaches” on school computer systems. Hefty ransomware demands are paralyzing districts, while also impacting students’ ability to learn and causing panic among faculty, families and children.
At Absolute, we recently released a report on the state of cybersecurity in the education sector—which leveraged data from 3.2 million active devices active in 1200 K-12 organizations across North America—and shows that complex IT environments and digitally savvy students are leaving schools massively exposed. More than 90% of education IT leaders are managing up to five versions of common applications, and 42% have students that are actively circumventing security via rogue VPN or web proxy apps.
Although we’ve closed out October and National Cybersecurity Awareness Month, it’s important to continue to shed light on this ongoing issue and seek answers for schools and their students, who remain some of the most vulnerable victims. While large enterprises receive training and guidance needed to help thwart a data breach, these practices remain almost non-existent within our schools – even though students today are much more tech-savvy than any previous student body. It’s this savviness that is actually proving to be a threat in itself, with students using their own digital know-how to work around any existing school security controls… and in parallel, opening up back doors for hackers to sneak in as well.
Although schools remain the second highest targets of these attacks, little has been done to alleviate these issues. IT leaders in schools simply don’t have the bandwidth to be as prepared as they should be for an inevitable cybersecurity incident, and the immediate response is to spend more money that doesn’t exist within an already limited budget. They are so underprepared and under-resourced that a new law has passed in the US senate, demanding that the federal government ramp up its support for organizations hit by ransomware. No organization could be in greater need than the local elementary school.
Staying calm and maximizing existing defenses are two critical ways to combat a threatening cyberattack. But in order to provide answers and assurances to rightfully concerned parents and faculty, visibility is a non-negotiable. It’s visibility that makes it possible to assert and maintain control. You can ensure the school’s internet safety policies are adhered to and set up alerts to flag any suspicious activity or non-compliant devices. You can take steps to protect highly sensitive student information if a device ends up lost, or in the wrong hands. With full visibility and control, the most effective decisions can be made to limit the extensive damage a cyber attack can cause and will create a more resilient defense system to protect against future attacks.
There were 160 publicly-disclosed security incidents recorded this past summer. The impacts of a data breach can shake normality for any organization, and when it comes to the education sector, schools are being forced to close their doors and wait for the crisis to pass. It is one thing for a hurricane or the next blizzard to cause school closures… it’s another for a cyber attack to disrupt the ability to educate on schedule. The education sector is calling out for assistance, and it’s time to start listening.