{"id":23384,"date":"2020-12-17T03:42:42","date_gmt":"2020-12-17T03:42:42","guid":{"rendered":"https:\/\/www.lifeandnews.com\/articles\/?p=23384"},"modified":"2020-12-18T13:41:47","modified_gmt":"2020-12-18T13:41:47","slug":"k-12-schools-need-to-take-cyberattacks-more-seriously","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/k-12-schools-need-to-take-cyberattacks-more-seriously\/","title":{"rendered":"K-12 schools need to take cyberattacks more seriously"},"content":{"rendered":"

Nir Kshetri<\/a>, University of North Carolina \u2013 Greensboro<\/a><\/em><\/p>\n

Teachers in Baltimore County Public Schools knew something was wrong late in the day on Nov. 24 when they began to experience trouble<\/a> entering grades into the school district\u2019s computer system. Around the same time, the video for a meeting of the district\u2019s school board abruptly cut off<\/a>.<\/p>\n

Both situations were the result of a cyberattack that had hit all of the school district\u2019s computer networks<\/a>, disrupting online classes for 115,000 students.<\/p>\n

The episode was by no means isolated.<\/p>\n

Rather, it was just one of several in an uptick of ransomware attacks in which cybercriminals have targeted public schools throughout the United States \u2013 from Hartford, Connecticut<\/a>, to Huntsville, Alabama<\/a> \u2013 since the 2020-21 school year began.<\/p>\n

Federal cybersecurity officials say the attacks \u2013 which involve things that range from the theft of sensitive student data to the disruption of online classes \u2013 are expected to continue<\/a>.<\/p>\n

As a researcher<\/a> who specializes in cybercrime<\/a> and cybersecurity<\/a>, I know that public schools represent easy and attractive targets for cybercriminals.<\/p>\n

Attacks have doubled<\/h2>\n

This vulnerability is in part due to the fact that most schools spend very little<\/a> on cybersecurity, despite the fact that they need to perform a large amount of file sharing on their networks. They also may be likely to comply with cyberextortionists\u2019 demands because taxpayers and parents expect them to restore networks quickly<\/a>.<\/p>\n

Cyberattacks may not be completely avoidable, but there are steps school system leaders can take to reduce the likelihood that the attacks occur or that sensitive student data is stolen and leaked onto the dark web, as was the case in Fairfax County, Virginia<\/a>, in October. But first, let\u2019s take a look at the scale and scope of the problem and how dramatically ransomware attacks increased between spring and fall of 2020, both in the United States and globally<\/a>.<\/p>\n

From March until mid-November, cybercriminals attacked U.S. school districts educating over 700,000 students<\/a>. In the U.S., public K-12 schools represented about 28%<\/a> of all reported ransomware incidents from January to July. That figure more than doubled, to 57%, for August and September, when K-12 schools began the fall semester.<\/p>\n

In Europe from July through August, the number of weekly cyberattacks against the education sector increased by 24%, compared with 9% for all sectors<\/a>. During that same period, weekly cyberattacks targeting the education sector in Asia increased by 21%, compared with 3.5% against all industries<\/a>.<\/p>\n

Weak security<\/h2>\n

Compared with most organizations and workplaces, public schools are less prepared to defend themselves against cyberattacks<\/a>.<\/p>\n

For instance, in Baltimore County<\/a>, a state government report<\/a> indicated that the school system\u2019s network lacked adequate security and had failed to properly safeguard sensitive personal information.<\/p>\n

Typically, public schools have small IT teams<\/a>. Some have technology leaders with no formal training in technology<\/a>.<\/p>\n

Public schools also lack proper data backup and recovery systems and procedures<\/a>.<\/p>\n

Given the large number of users, school networks have many vulnerable points of entry and face higher risks of malware infection and transmission. Students might also use devices with outdated software, and their home networks might be insecure. If one student\u2019s device is attacked, that may be used as an entry point to attack the entire school network.<\/p>\n

For instance, the criminals may send malicious email attachments to other users of the network using the student\u2019s credential. Most K-12 students lack cybersecurity training<\/a>, which includes how to spot malicious links or infectious attachments.<\/p>\n

\"Two
Cybercriminals use phishing tactics to access students\u2019 confidential information.<\/span>
\nAntonioGuillem via iStock\/Getty Images Plus<\/a><\/span><\/figcaption><\/figure>\n

Extortion tactics<\/h2>\n

Public schools are under pressure to ensure that students have access to online learning opportunities during the COVID-19 pandemic. The pressure to quickly restore networks is especially acute after the school year starts. Cybercriminals are taking advantage of this situation<\/a><\/p>\n

After penetrating a school network, the perpetrators seek to gain privileged access and identify critical systems<\/a>. They then gather large numbers of account credentials, such as usernames, passwords and other items used to validate identity for authentication. They may also steal other sensitive data, try to destroy backups and disable security processes.<\/p>\n

According to the antivirus company Emsisoft, after ransomware perpetrators compromise a network, they stay in the network for an average of 56 days<\/a> before they deploy ransomware.<\/p>\n

Ransomware attacks against K-12 schools dramatically increased when the 2020 school year started<\/a>. The number of universities, colleges and school districts facing ransomware attacks increased from eight during the second quarter of 2020 to 31 during the third quarter<\/a>.<\/p>\n

Sensitive personal data is also involved in such attacks. In nine of the 31 ransomware incidents victimizing U.S. schools in the third quarter of 2020<\/a>, the perpetrators had stolen personal data. The five most active ransomware groups targeting K-12 schools \u2013 Ryuk, Maze, Nefilim, AKO and Sodinokibi\/REvil \u2013 run leak sites to \u201cdump\u201d personal data<\/a> if victim schools refuse to pay.<\/p>\n

In September, ransomware gang Maze attacked Ohio\u2019s Toledo Public Schools and published personal data of faculty, staff and students<\/a> online. Personal data posted on the dark web included students\u2019 and employees\u2019 Social Security numbers and dates of birth<\/a>. The criminals also disclosed information related to students\u2019 exam grades, disciplinary action and disability status. The identities of an eighth grader whom the school had listed as emotionally disturbed and a ninth grader suspended for sexual activity were revealed. A list of foster children was also published<\/a>.<\/p>\n

Children\u2019s data are highly valuable<\/h2>\n

Among the most serious concerns in ransomware attacks against schools is that leaked children\u2019s data is likely to be sold in the dark web. Even before ransomware attacks started, children were 51 times more likely <\/a> to be targeted for identity theft than adults.<\/p>\n

Some identity thieves specifically target children because the children may not find out that they were victimized until decades later after applying for credit<\/a>.<\/p>\n

The unique value of children\u2019s Social Security numbers also stems from the fact that they lack a credit history<\/a> and can be combined with any name and birth date.<\/p>\n

What can schools do?<\/h2>\n

School leaders should develop clear guidelines and policies to strengthen cybersecurity. Regular updates about phishing<\/a> and other threats, as well as strategies and instructions to mitigate and manage such threats, must be provided to students and staff.<\/p>\n

Schools can also use free services to enhance cyberdefense. Of the 13,000 school districts<\/a> in the U.S., only 2,000<\/a> are taking advantage of free membership in the Multi-State Information Sharing & Analysis Center. The center offers network vulnerability assessments, cyberthreat alerts and other services, such as Malicious Domain Blocking and Reporting<\/a>, which prevents computer systems from connecting to malicious websites. Only about 120 schools use the blocking service<\/a>.<\/p>\n

Many school districts rely on outdated equipment<\/a> and software<\/a>, which are easy to hack. It is important to patch operating systems and software when manufacturers release new updates. It also helps to constantly back up important data. By frequently backing up data and keeping it secure, schools can ensure the access to networks without disruption.<\/p>\n

Schools may also want to purchase cyberinsurance to defend against ransomware and other cyberthreats<\/a>. Insurance not only helps pay ransom, but it also helps to defend against attacks, because schools need to strengthen their security to get a lower premium. When online education company K12 Inc., which creates online learning curricula for over 1 million students, faced ransomware attacks in November, the company worked with its cyberinsurer to make the ransom payment<\/a>.<\/p>\n

[Deep knowledge, daily.<\/em> Sign up for The Conversation\u2019s newsletter<\/a>.]\"The<\/p>\n

Nir Kshetri<\/a>, Professor of Management, University of North Carolina \u2013 Greensboro<\/a><\/em><\/p>\n

This article is republished from The Conversation<\/a> under a Creative Commons license. Read the original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Nir Kshetri, University of North Carolina \u2013 Greensboro Teachers in Baltimore County Public Schools knew something was wrong late in the day on Nov. 24 when they began to experience trouble entering grades into the school district\u2019s computer system. Around the same time, the video for a meeting of the district\u2019s school board abruptly cut […]<\/p>\n","protected":false},"author":44,"featured_media":23385,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[292],"tags":[6420,5361,612,793,1737,1013,1626,6419,8525],"_links":{"self":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/23384"}],"collection":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/comments?post=23384"}],"version-history":[{"count":2,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/23384\/revisions"}],"predecessor-version":[{"id":23391,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/23384\/revisions\/23391"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media\/23385"}],"wp:attachment":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media?parent=23384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/categories?post=23384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/tags?post=23384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}