Cyberattacks Against K-12 Schools On the Rise
Cybercriminals are actively targeting the K-12 school system, as they find opportunities to defraud schools, steal sensitive information about students and faculty or use ransomware schemes to demand large payments. Aware that schools are much more reliant on their IT infrastructure, cybercriminals are moving quickly to monetize these vulnerabilities, so much so that the FBI recently issued a focused alert warning K-12 school systems of the elevated threat.
The FBI warning notes in particular indicators of an increase in Ryuk attacks. Ryuk is a ransomware variant that blocks access to a system or device using encryption and is generally deployed by email phishing or exploitation of Remote Desktop Protocol (RDP). Cybercriminals often use their access to a school’s network to first steal sensitive data—which they can sell or threaten to release publicly. Once they have achieved the exfiltration objective, the cybercriminals activate the ransomware, which shuts down the school’s network and in some cases may spread throughout the network to impact teaching resources, accounting systems, and personnel files. As ransomware has become more sophisticated, many victims are left unable to recover without paying the ransom or bringing in forensic experts to restore their systems. In either case, the school may find it takes weeks to recover data and systems.
3 Ways to Improve Your Cybersecurity Posture
As K-12 schools evaluate their cybersecurity awareness and preparedness in light of the COVID-19 pandemic, below are three areas we strongly recommend paying attention to in order to reduce the risks to student, faculty, and district information systems:
- Establish and Reinforce Policies and Procedures
Practicing effective cybersecurity is paramount to protect critical infrastructure and data. As part of this practice, we recommend your school develop and maintain a comprehensive Information Security Program that provides guidance to students and faculty on cybersecurity. Key components for such a program may include a detailed Incident Response Plan that is regularly tested (via table-top exercises) and a risk assessment to identify critical assets and prioritize risks associated with those assets. Also, your Information Security Program should incorporate practices such as the principle of Least Privilege for Access Control—granting each user the least privileges needed for their job duties—and monitoring for malicious activity, such as blocking IP addresses from known malicious actors.
- Educate and Train Employees
It is equally important to educate and train faculty and, increasingly, students on the core principles of effective cybersecurity. Faculty should familiarize themselves with the Incident Response Plan to ensure they have clear instructions on how to respond during an incident. Cybersecurity education and training must be conducted on a regular basis to increase awareness of current and emerging cybersecurity risks and vulnerabilities, which will enhance the ability to detect malicious activity early. This is particularly important given how quickly the threats evolve and the need to educate users on an ongoing basis.
- Implement and Maintain Technical Safeguards
Many K-12 systems are under severe budget pressures, yet there are many technical and non-technical safeguards that can be implemented at minimal cost and can significantly reduce the risks of many cyberattacks. Among those we strongly favor is implementing multifactor authentication, an extremely effective yet low-cost tactic for mitigating attacks aimed at compromising user passwords and accounts. Backups—done frequently, and in a manner that keeps some copies isolated from the rest of the network—are also essential to swift recovery from ransomware attacks (as well as more mundane IT system failures or flooding risks).
Our experience broadly confirms the FBI’s warning that schools are being targeted more frequently—we also know from experience that cybercriminals will often come up with a model for conducting attacks, and once successful in one place, they will use the same tactics widely. As schools aim to engage students through more distance learning methods, we expect the threat of cyberattacks to K-12 systems will increase. For more information on how your school district can prepare for and respond to cyberattacks, consult Ice Miller’s Data Security and Privacy team.
Tiffany Kim is an associate in the Data Security and Privacy Group and has previously worked on cybersecurity issues with school districts and other government agencies as a former homeland security planner.
Guillermo Christensen, a former CIA intelligence officer and a diplomat with the U.S. Department of State, is a partner in the Data Security and Privacy and White Collar practice based in DC and New York.
This publication is intended for general informational purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstance.