Cyber-attacks Put School Systems to the Test

Picture this: 

As the clock approached 3:30 pm on the eve of Labor Day weekend, the bustling corridors of the second largest school district echoed with the departure of teachers, administrators, and students, eager to kick off their much-anticipated break. However, the excitement of the impending holiday was abruptly shattered by an alert flashing across the screens of the IT administrators. 

Suspicious activity was detected, but the IT admin, working remotely from home, couldn’t access the system on their computer. After driving to the school, they discovered their whole system was down. Through messages on the system, they realized the total lockdown was the result of a ransomware attack. Every aspect of their systems – from bus schedules and student records to payroll and building alarms – was down and inaccessible.

Not knowing where to start with recovering their systems, the IT admin activated their cyber insurance policy. Their provider connected them with a group of trained professionals, including a breach coach, digital forensics team, and recovery team, who immediately began work to recover the school. As the recovery partner in the engagement, Entara got the school up and running by the end of the holiday weekend. We worked round the clock with teams in shifts, and we got them ready for school to open on Tuesday morning, although the full remediation took another month. Keep reading to learn how school systems can avoid becoming the unfortunate star of a story like the one above.

Why do threat actors see schools as an ideal target for cyberattacks, and what can education systems do to avoid falling victim to these devastating attacks?

Education systems are critical infrastructure and, with more schools operating online, it’s crucial to ensure that these organizations have strong cybersecurity protection in place. Delays caused by a cyberattack can greatly impact education, payroll, and even access to crucial information and systems, such as health information, emergency contacts, and security systems, that could affect student safety.

Data-Rich Environment

Schools collect and store a vast amount of sensitive information about students, parents, and staff, including personal and financial data. This makes them attractive targets for cybercriminals seeking to steal identities or sell personal information on the dark web. 

Limited IT Resources

Many schools have limited budgets and IT resources compared to large corporations, making them less able to stop cyberattacks and recover from them quickly. They may not have the latest security measures, immutable backups to restore from, or sufficient personnel to monitor and respond to threats effectively.

Lack of Awareness

Teachers, students, and staff may not be adequately trained in cybersecurity best practices, making them more susceptible to phishing scams or social engineering attacks. Additionally, teachers expect to receive emails from parents or community members who write from personal email accounts the teachers do not recognize, making them more likely to open and engage with an email from an unknown source.

Critical Infrastructure

With the increasing use of technology in education, schools rely heavily on digital systems for teaching, communication, and administration. Disrupting these systems through cyberattacks can cause significant disruptions to learning and administrative processes. 

Ransomware Targets

Ransomware attacks, where hackers encrypt data and demand payment for its release, have become increasingly common in the education sector. Schools are seen as lucrative targets for ransomware because they often have valuable data and may be more likely to pay a ransom to restore access to critical systems so as not to interrupt student education. School systems also have low IT budgets, so they have little protection in place against these types of attacks.

What can schools do to better protect themselves from cyber threats?  

1. Update and Patch All Systems 

Regularly update systems and apply patches, especially to antivirus software, to close vulnerabilities that threat actors can exploit. Outdated operating systems on school devices can not only compromise a teacher’s ability to teach and a student’s ability to learn, but also leave openings for cybercriminals to access and disrupt an environment. Additionally, if teachers and students use personal devices for schoolwork, this adds multiple vulnerable entry points for bad actors.

2. Make a Plan for When a Breach Happens 

Education systems must recognize the inevitability of cyberattacks and have a comprehensive plan in place to quickly address them. Regularly backing up all your systems with immutable, air-gapped backups allows for quick recovery of data in the event of an attack. Creating Business Continuity and Disaster Recovery (BCDR) and Incident Response plans is critical to making sure your team is prepared for an incident. While it’s crucial to have these plans in place, it’s also important to regularly test them to ensure that everyone is prepared and understands their role in the event of an attack. If your IT team does not have the capacity or cybersecurity experience needed, a cybersecurity retainer is a great strategy: it gives you an experienced team at the ready to respond immediately, begin containing a breach, and recover your environment more quickly in the event of a cyberattack.

3. Employee Training 

According to Security Today, 88% of security breaches are caused by human error. Staff cybersecurity awareness training is crucial to mitigating vulnerabilities and reducing the likelihood of a successful social engineering attack. Educate teachers and even students to recognize and avoid phishing scams, enforce strong password policies, and discourage using school devices for personal online activities. 

4. Be Proactive, Rather Than Reactive 

Education systems must remain vigilant in monitoring the cybersecurity landscape to stay ahead of emerging threats and vulnerabilities. Proactively implementing security measures like multi-factor authentication (MFA), microsegmentation, managed detection and response, and access controls can significantly reduce the risk of security breaches. By investing effort in prevention, organizations can minimize the resources needed to react to security incidents.

5. Work with a Trusted IT and Cybersecurity Provider 

Engage with a reputable IT and cybersecurity provider that is experienced in providing support to industries that provide critical services and store private data, like education. Providers like Entara offer comprehensive solutions, including security awareness training, backup services, cybersecurity retainers, and infrastructure monitoring, to protect organizations from cyber threats. 

Take Action Now 

Entara stands ready to support schools that want to prioritize the safety of their students and teachers. Cyberattacks on a school system can disrupt crucial education, which can lead to students having to make up the work in the summer (which no one wants to do).  Contact Entara’s team for more information and discover how we can seamlessly integrate with your IT team, allowing you to focus on what you do best – educating our future leaders.  
