Schools should prep for ransomware with response and comms plans, experts say
The pandemic increased the footprint of what schools need to protect.
For K-12 schools, better incident response plans and transparency with the public can mitigate the impact of cyberattacks, experts said.
The education sector faces a range of cyber challenges today, including ransomware, targeted phishing scams, data breaches and denial-of-service attacks, Doug Levin, co-founder and national director of the K12 Security Information eXchange, explained during GovExec’s May 18 Cybersmart TV segment.
“Over time, these incidents have been growing both more significant and severe, almost any way that you count it,” Levin said. “But if I were to pick one type of incident that is most troubling and keeps most K-12 IT leaders up at night, that would be ransomware.”
Since 2019, ransomware actors have been specifically targeting the K-12 sector. The most routinely reported incident involves malicious cyber criminals exfiltrating data about students and employees, increasing their payoff demands, Levin said.
Social engineering attacks like phishing scams used to be much simpler as well, said Bhargav Vyas, assistant superintendent for compliance and information systems at New York’s Monroe-Woodbury Central School District. Before, these scams usually revolved around an email, but now threat actors are sometimes posing as human resources officials and asking victims for personal information like vaccination records, he said.
The number of devices schools must secure also increased to meet remote learning needs during the pandemic. “We have a lot more devices,” Vyas said. “Many school districts decided to go to one-to-one either right before, or during the pandemic,” meaning that each student was given access to an internet-capable device.
Vyas’ school district went to one-to-one during the pandemic, tripling its device footprint. “It's extremely critical for us to make sure that the schools are aware and that increasing the footprint means increasing the value of protection,” he said.
On top of awareness, the panelists said schools need better incident response plans. Very few have plans in place that are specifically developed with cyber incidents in mind, Levin said.
Those plans should also map out how to communicate with stakeholders. Levin advised schools to be transparent about security breaches, sharing anecdotes about districts that got negative press for hiding relatively small incidents while others that faced significant attacks gained the faith of parents and teachers because they were more forthright.
“Not only did these school districts not lose the faith of their community, they probably increased it,” Levin said. “But again, it's really all about having that plan in place in advance. If a school district does not have that plan when an incident occurs, we've really seen them struggle to get a handle on the incident and also communicate about it to their school community.”