As seen on eSchool News
It’s crucial that school districts have robust, modern cybersecurity strategies in place to protect valuable information against ransomware.

Critical steps to help school districts combat ransomware attacks

It’s crucial that districts have robust and modern strategies in place to protect valuable information

By Gary Barlet, Illumio April 30th, 2024

Key points:

School districts are one of the most vulnerable industries for a ransomware attack, particularly from foreign adversaries, according to Ann Neuberger, deputy national security adviser for cyber and emerging technology. In addition, a 2022 GAO report indicated that K–12 schools faced significant disruptions in learning and substantial monetary losses due to cyberattacks, with some districts reporting a halt on educational operations of three days to three weeks and recovery periods spanning two to nine months. Some school districts reported that in the 2022-2023 school year alone, breaches cost them upwards of $1 million.

From disruption in education to costly recoveries, we’ve seen how cyberattacks significantly impact schools. With ransomware attacks on the education sector doubling from 2022 to 2023, districts across the nation need to brace for another wave.

To bolster defenses against ransomware attacks, districts must first understand what makes them vulnerable to attacks. Schools often face resource constraints–many using outdated technologies, preventing them from implementing the cybersecurity tools they need. Schools also often don’t have, or don’t prioritize, their budget for an adequate IT team. Overall, districts are barely allocating budgets for cyber initiatives. Notably, recent research revealed that nearly half of districts surveyed spent only two percent or less of their budget on cybersecurity.

Having limited cybersecurity resources hinders a district’s ability to implement modern and robust security measures, and puts education, sensitive data, and much more at risk. Despite these challenges, there are steps that districts can take to proactively defend against attacks.

Assume breach

Following the footsteps of federal agencies, districts must shift their mindset from “preventing all attacks” to “containing successful attacks.” This “assume breach” mindset shift will enable the school to prepare for when an attack occurs, not if an attack occurs.

Our world is more hyperconnected and hybrid than ever before, particularly since 2020 when many schools had to transition to online schooling due to the pandemic. Even four years later, some school districts still use online learning.

Traditional security strategies establish a network perimeter, limiting inbound traffic but allowing most outbound traffic via firewalls. However, this architecture overlooks the reality that numerous threats may reside within the school network and does not take into consideration this new hyperconnected, hybrid world. This world has provided attackers with new avenues and methods of access to launch their attacks. For example, when students and teachers bring school laptops home, these laptops are outside the network perimeter and connected to public or home networks, making them more vulnerable to an attack.

To reduce the impact of an attack, districts must “assume breach” and have a plan in place that ensures critical information remains safeguarded even outside the network perimeter.

Increase end-to-end visibility

As districts adopt an “assume breach” mindset, they must simultaneously develop an actionable plan to protect against any attacks. One key part of their plan must include visibility into all networks and across all traffic. After all, they cannot defend against what they cannot see.

In today’s environment, it’s essential to have a comprehensive view of traffic across all school-issued devices, whether students are at school or at home. Visibility enables the enforcement of least-privilege security policies–a concept where a user is only granted access or permission on a network when it is absolutely necessary on all workloads–regardless of the location. End-to-end visibility across the entire hybrid attack surface will eliminate blind spots, identify vulnerabilities and critical assets, and enable IT teams to effectively monitor all network activities.

Implement a segmentation strategy

Districts can also adopt Zero Trust Segmentation (ZTS), also known as microsegmentation. ZTS is based on the principles of least-privilege access and is a foundational pillar of any Zero Trust architecture. Through the continuous visualization of all communication patterns and traffic between workflows, devices, and the internet, ZTS constantly verifies a user and creates granular policies that permit only essential communication. That way, if a breach or attack does occur, the attacker cannot easily move across the environment to compromise more assets and instead will be contained and isolated.

Through leveraging end-to-end visibility and ZTS, districts ensure the protection of critical assets and school-issued devices both in and outside of the classroom. This approach not only protects valuable information, such as student data, but also lowers the risks of consequences stemming from an attack.

The role students can play in cyber hygiene practices

There are steps everyone, including students, can take to enhance a school’s cyber strategies. Examples include creating complex passwords, ensuring software is regularly updated, participating in phishing awareness training, and implementing multifactor authentication (MFA). To ensure cybersecurity culture is reinforced and part of the curriculum, schools can make sure this is covered in teacher workshop days.

Furthermore, schools can establish a system to ensure student participation by involving IT teams in the classroom and inviting them to educate students on the importance of cyber hygiene practices. Maintaining cybersecurity awareness is a continual endeavor, and both staff and students would benefit from refresher courses and training to remain knowledgeable about emerging threats and the latest security best practices.

Protecting education

In an era where learning extends beyond the classroom, it’s crucial that districts have robust and modern strategies in place to protect valuable information and allow schools to operate as normal even when an attack occurs. From more senior strategies, like IT teams adopting an “assume breach” mindset, increasing end-to-end visibility, and implementing ZTS, to everyday practices, like students being able to identify suspicious emails and effectively set up MFA, everyone can play a part in reducing the attack surface before it’s too late.

About the Author:

Gary Barlet is the Federal Chief Technology Officer at Illumio, where he works with government agencies, contractors, and the broader ecosystem to incorporate Zero Trust Segmentation, or microsegmentation, as a strategic enabler of Zero Trust architecture. He can be reached at

eSchool Media uses cookies to improve your experience. Visit our Privacy Policy for more information.

Looking for some help?

Would you like to have an eSchool Media team member contact you?

Leave your details for more information