Cybersafetyconnections May 29, 2023 vol1#119
- K-12 schools are still a primary target of cyberattacks in 2023.
- Ransomware is still an issue and on the rise in K-12 Schools.
- Cybersecurity measures for K-12 schools.
- The way forward for K-12 Schools .
K-12 schools and cyberattacks in 2023
It’s unfortunate to see that even now in 2023, K-12 institutions are still being targeted by cybercriminals. According to Tech Learning these attacks come in many forms, such as DDoS, phishing, data breaches, password attacks, man-in-middle attacks, and malware. As a result, schools are experiencing financial losses, requiring additional resources for recovery, and losing valuable instruction time.
K-12 Schools and The Rise of Ransomware
Skip the hysteria, what you need to know
It’s concerning to note that ransomware incidents have become the most frequently reported type of cyberattack in 2022, with the percentage rising from 12% in 2020 to 62% in 2022, according to the Emsisoft 2022 report. This is the first-time ransomware incidents have been reported as the most common type of cyberattack in school districts.
Furthermore, the number of schools affected by ransomware in 2022 almost doubled compared to the previous year, with 1,981 schools potentially compromised. It’s also worth mentioning that ransomware groups were successful in exfiltrating data from U.S. schools at a rate of two-thirds in 2022, up from half that number in 2021.
Recently, bad actors released health records for about 2,000 current and former LAUSD students, publishing it on the dark web. It is important to acknowledge that ransomware will continue to be an evolving cybersecurity threat, especially with the increase in classroom technology and personal digital data.
Unfortunately, many districts don’t have significant resources or budgets focused on cybersecurity. The State of EdTech District Leadership 2022 highlights that more than half of the IT professionals (52%) said their schools lack adequate staffing to support and protect teachers, while 77% of districts reported not having a full-time employee dedicated to network security.
It’s also worth noting that often unintentional and non-malicious human errors are the top reason for school cyber-attacks. Staff and teachers, focusing on daily operations, are too quick to respond to phishing attempts, suspicious links, and unsecured access networks. It’s important to be vigilant when it comes to cybersecurity and prioritize cybersecurity education, training, and resources.
Steps to protect K-12 Infrastructure
It is understandable for concerned edtech leaders to feel worried about the rise in ransomware attacks on K-12 institutions. These attacks such as Ransomware can access and exploit sensitive data, including student records, financial aid and transaction data, and healthcare information. Unfortunately, many school districts lack the resources and budgets to effectively combat cybersecurity threats.
However, there are organizations such as CoSN and the National Cryptologic Foundation that are committed to cybersecurity education and training. CoSN has released the Blaschke Report, which outlines five key actions that school IT staff can take to better protect their infrastructure.
- Training
- Technical expertise
- Network security
- Sustainability plans
- Leadership buy-in and funding
The National Cryptologic Foundation provides various resources and tools for educators to help teach cybersecurity practices to students. It’s crucial for edtech leaders to stay up-to-date with the latest cybersecurity trends and strategies. While AI technology may be a game changer in the fight against cyberattacks, it’s important to remember that it’s not a substitute for experienced personnel, robust infrastructure, and knowledgeable users.
The Way Forward
It is crucial for K-12 school districts to prioritize cybersecurity education, training, and resources, especially as technology becomes more integrated into classrooms. The 2022 CiSA report recommends that districts explore several strategies to meet the increased demands of the cyber risk landscape. These strategies include;
- Making all employees part of the district’s security defense
- Keeping patches up-to-date
- Restricting unnecessary access
- Implementing multi-factor authentication
- Following industry best practices
It’s important for educators to stay informed about the latest cybersecurity trends and threats. Cybercriminals are now recruiting AI and ML specialists to design malware that can evade current-generation threat-detection systems, and they’re using popular AI tools like ChatGPT to refine their attacks. However, leading cybersecurity vendors like AWS, Google, and Microsoft are investing in AI and ML research to combat these threats.
AI technology has the potential to automate security systems, support natural language processing, refine face detection, and improve predictive threat-detection systems. While AI is not a substitute for experienced IT personnel and knowledgeable users, it can help districts fight against cyber-attacks. It’s critical for school districts to prioritize cybersecurity education and resources to better defend their IT infrastructure and protect their students and staff from potential threats.
Subscribe to get the latest blog post.
Your CyberSafety Advocate 