Understanding the Threat
Ransomware is malicious software that blocks access to computer systems or networks by locking and encrypting digital files, then demands payment for their release. Cybercriminals may also sell Personally Identifiable Information (PII), such as medical, financial, and academic records, on the dark web. Ransomware attacks can devastate public education institutions, resulting in financial losses, reputational damage, and compromised data security.
Why Schools are Targets for Cybercriminals
Public education is an easy target for cybercriminals for several reasons, including weak infrastructure and the likelihood of paying ransom. According to a Forbes interview with Center for Internet Security (CIS) executive Carlos Kizzee, schools only spend about eight percent of their IT budgets on cybersecurity, making their digital infrastructure more vulnerable to cyber attacks than other sectors. Additionally, public education institutions often pay ransom demands to cybercriminals. Sophos’ 2023 survey reported that public education had one of the highest rates of ransom payments for data recovery, with 47% of lower education institutions and 56% of higher education institutions paying ransom.
The Financial Impact of Cybercriminals on Public Education
Comparitech estimates the 561 attacks in its report have cost the global economy $53.4 billion in downtime. Ransom demands can vary from $1,000 to $40 million, averaging around $1.5 million per attack in education. While many schools refuse to pay the perpetrators due to budget constraints or policy, the costs associated with ransomware attacks can still be massive. In January 2023, CBS News reported that Baltimore County Public Schools (BCPS), which refused to pay ransom, had spent around $10 million on damages and security upgrades in the three years since a 2020 attack.
How Can Schools Defend Against Ransomware?
To enhance resilience against ransomware attacks, public education institutions can implement several cost-effective strategies.
- Education and Training: One of the most cost-effective ways to improve cybersecurity is through comprehensive education and training programs for both staff and students. Cybersecurity awareness training can drastically reduce the likelihood of successful phishing attacks and other common cyber threats, as most breaches are due to human error. Conduct regular cybersecurity workshops to keep staff and students updated on the latest threats and safe practices. These can be led by IT staff or through partnerships with local universities or cybersecurity firms.
- Access Controls and Management: Limit access to sensitive data with the least privilege principle. Implementing robust access control measures reduces the potential impact of a ransomware attack by limiting the attacker’s ability to escalate privileges. Mandating multi-factor authentication (MFA) adds an extra layer of security that can prevent unauthorized access to sensitive data or network resources, even if passwords are compromised.
- Software Updates and Vulnerability Patching: Keep software and operating systems up-to-date with the latest security patches. Ransomware attackers often exploit vulnerabilities in outdated software to gain unauthorized access to systems. Automated update tools can help reduce IT staff’s burden while mitigating vulnerabilities commonly exploited by ransomware.
- Endpoint Protection: Deploy security solutions that detect and block ransomware threats in real time. Security solutions include antivirus software, intrusion detection systems, and behavior-based analytics to identify suspicious activities. Joining the federally supported Center for Internet Security Multi-State Information Sharing and Analysis Center is free and provides member schools with malicious domain blocking and reporting software.
- Network Segmentation: By dividing the school network into segmented zones, institutions can section off sensitive data and restrict access to authorized users. The delineated boundaries between different networks allow institutions to mitigate the impact of security breaches and limit the spread of malicious activity while maintaining accessibility.
- Backup and Recovery: Implement robust backup protocols to ensure copies of all critical data remain at secure, off-site locations. Store backups securely and test them periodically, both to verify their integrity and to confirm that backup procedures can quickly restore operations. In a ransomware attack, reliable backups can facilitate data recovery without succumbing to extortion demands.
- Incident Response Planning: A well-defined incident response plan can significantly reduce the damage caused by a cyberattack. Knowing exactly what to do and who to contact can save valuable time and resources. Create clear protocols for identifying, reporting, and responding to cybersecurity incidents. The plan should include procedures for containment, communication, data recovery, and legal considerations. Conduct regular drills to ensure everyone knows their role in the event of a cyberattack. Regularly review and update the incident response plan based on new threats and past incident reviews.
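One way to carry out the periodic integrity test from the Backup and Recovery item, as an added example that is not part of the original article: record a SHA-256 manifest when a backup is taken, then check a test restore against it. The function names, the sample files, and the 20% `alert_ratio` threshold are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root, alert_ratio=0.2):
    """Compare a test restore with the manifest recorded at backup time."""
    current = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(current))
    unexpected = sorted(set(current) - set(manifest))
    changed = sorted(k for k in manifest
                     if k in current and manifest[k] != current[k])
    damaged = len(missing) + len(changed)
    # alert_ratio is an assumed threshold: many files altered at once is
    # consistent with a backup set that was encrypted or tampered with.
    ratio = damaged / len(manifest) if manifest else 0.0
    return {"ok": damaged == 0, "missing": missing, "changed": changed,
            "unexpected": unexpected, "mass_change": ratio >= alert_ratio}

def demo():
    """Constructed sample data: five small files, then a damaged restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("grades.csv", "roster.csv", "hr/payroll.csv",
                     "notes.txt", "lunch.txt"):
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text("constructed sample: " + name)
        manifest = build_manifest(root)          # recorded at backup time
        clean = verify_restore(manifest, root)
        (root / "grades.csv").write_bytes(os.urandom(64))  # content altered
        (root / "notes.txt").unlink()                      # file lost
        (root / "extra.bin").write_bytes(b"x")             # not in manifest
        return clean, verify_restore(manifest, root)
```

Keep the manifest somewhere the backup system cannot write to, such as offline or write-once storage, so that anyone who alters the backups cannot also rewrite the expected hashes.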
Discover Cyber Solutions for K-12 and Beyond with RAMPxchange
The public sector’s cybersecurity demands call for effective solutions and providers with a proven track record of education sector data security. The RAMPxchange cybersecurity marketplace can connect education officials with cost-effective solutions from certified cyber providers. Procure your school’s cyber and risk management solutions more confidently with RAMPxchange. Reach out to a RAMPxchange representative today to learn more.