Report: Schools One of Biggest Targets for Ransomware Attacks

Petya ransomware
Image: Wikimedia Commons

According to a new report, the number of publicly-disclosed security incidents in K-12 schools reached 160 in the months of July and August 2019 alone — exceeding the total of all incidents reported in 2018 by 30%.

Government Technology

By Lucas Ropek

This summer, K-12 schools saw an unprecedented rise in cyberattacks, with schools being hit more in those months than throughout the whole of 2018.

That’s according to a new report from endpoint resilience firm Absolute. The report was compiled after a survey of data from over 1,200 K-12 organizations and claims schools are the second most popular target for ransomware attackers next to local governments.

Since 2016, there have been over 700 cybersecurity incidents at schools across the country. Of those, 49 were ransomware attacks that affected school districts during this year alone, the report states.

Ironically, increased digital literacy and more complex IT landscapes in schools may actually be escalating risks.

That’s because students — now almost always digital natives — are provided with more connected devices by schools than ever before. They also often attempt to circumvent security protocols and Web content filtering on those devices by using Web proxy and rogue VPN tools, the report alleges. These attempts open the schools up to infiltration by bad actors.

Our students today are so much more technically savvy. Digital is just sort of their life. It’s what they grew up with,” said Christy Wyatt, Absolute CEO. “The thought that basic controls can contain their creativity was one of the theories we really wanted to challenge. When we looked at it, we realized how broadly and pervasively this was really happening.”

Wyatt said she had a personal experience with it through her own 18-year-old son, who pooled his money with friends to buy TunnelBear — a VPN software that allowed them to bypass security to play games on school devices.

While these kinds of youthful antics might seem harmless, they can be the very opportunity a malicious actor is looking for, Wyatt said. Those actors can use the students to spread malware or ransomware on a school’s network.

One of the things that’s been most prominent over the last six months is the number of schools that are being targeted with ransomware,” Wyatt said. “Ransomware has become such a huge challenge in enterprise… While schools are being targeted, there is probably less of a conversation with students about it and what to do about it.”

Schools, like other enterprises, need investment and support from government to adequately deal with these challenges, Wyatt said.

Similarly, a goal for schools and district officials moving forward might be to open up a broader dialogue with students and young people about digital safety, Wyatt said. Still, this kind of communication is more of a challenge for schools than for other organizations.

“It’s much tougher to tell a fifth grader not to click on ransomware,” Wyatt said. “They’re much more vulnerable. And so I think we have to do more to reach out and not just educate the community about what the risks are, but give them access to resources so that when something starts to go wrong they can respond and adequately protect themselves.”

(c)2019 Government Technology
Visit Government Technology at www.govtech.com
Distributed by Tribune Content Agency, LLC.

McClatchy-Tribune News Service

Learn how to access support for school cybersecurity needs:

How to Find School Cybersecurity Support

About the author

Avatar

EfficientGov Staff

EfficientGov is an independent information service providing innovative solutions to fiscal and operational challenges facing cities and towns around the world.