With ransomware attacks against K-12 schools on the rise, the federal cybersecurity authority and a nonprofit hosted a webinar this week to brief educators on what to expect and how to deal with it.
As if they didn’t have enough on their plate with remote learning and COVID-19 safety, K-12 schools experienced a rash of ransomware attacks in 2020 that’s expected to continue through the school year and into the future. To help educators navigate the problem, the federal Cybersecurity and Infrastructure Security Agency (CISA) and nonprofit National Cyber Security Alliance (NCSA) hosted a webinar on Wednesday in which cybersecurity experts urged constant vigilance, regular training and sharing resources.
CISA has seen a marked increase in ransomware attacks on K-12 school systems since the start of the pandemic, and officials from the agency say there’s no easy software solution to what is sure to be an ongoing problem. Citing an official alert from CISA published Dec. 10, Acting Deputy Assistant Director Bridgette Walsh said the shift to widespread remote learning has given malicious actors more opportunities to exploit vulnerable remote desktop protocol (RDP) services. She said this has increased the need to train everyone on the system to spot suspicious emails and attachments, and to have a plan in place in case of an attack.
“It’s often a game of whack-a-mole in terms of cybersecurity protection within an organization, because you’re only as secure as every user in your organization, or who connects with you,” she said. “It’s everybody from the top down. Everybody from the superintendent, all the way, honestly, to your students in schools who are using … laptops.”
Ryan Kalember, executive VP of the cybersecurity company Proofpoint Inc., said there is no piece of technology that will magically block the threat of ransomware, but some precautions are simple and free. For school districts with very limited budgets, he advised not worrying about ransomware on iOS devices, but focusing on student and staff training on laptops, email, even spreadsheets, as well as consulting with people who can locate network vulnerabilities.
“Cybersecurity is a $100-billion industry that has not solved this problem, so in a lot of respects, we are not necessarily focused on the thing that would be most impactful here, which, at the end of the day, I think is the human element, for about 90 percent of these threats,” Kalember said. “The other 10 percent, I think you can get scrappy on that front, too. Crowdsource a penetration test. Go figure out some smart computer science student in high school who knows how to use a tool like Shodan. Figure out if you have a vulnerable Exchange server like we’ve heard about on the news the last couple of weeks. You can actually look at what the hackers are looking at, too – they’re looking at you from the outside.”
Aware of the financial limitations of so many K-12 districts at the moment, Walsh said another way for schools to shore up network security is to split the cost with shared service agreements, so neighboring schools aren’t paying for the same thing several times. She also recommended that school administrators make connections with county and state CIOs and CISOs.
In any case, Walsh said CISA, the FBI and the U.S. federal government all advise against paying culprits to settle a ransomware attack. She gave three reasons: paying comes with no assurance that the attackers have returned all data and network access, nor that they’ve completely vacated the system, nor that they won’t turn around and do it again. She said any school district that gets hit or threatened with ransomware should call either the FBI or CISA, and the two agencies will coordinate with each other and the district on how to respond. CISA also maintains a list of ransomware reference materials for K-12 schools.