Cyber Threats Loom for Minnesota Schools Large and Small

While cyber attacks on schools dropped a bit in 2021, CISA and the FBI released a joint statement in September 2022 saying they anticipated more cyber attacks on schools, and Minnesota has seen some of that.

(TNS) — Late last year, Amy Thuesen started working with a division of the Department of Homeland Security to help make sure Austin Public Schools had adequate cybersecurity in place. Known as the Cybersecurity and Infrastructure Security Agency, CISA helped the school district identify weaknesses in its system.

Even though it's something they prepare for, a couple of attacks right next door have highlighted the seriousness of the issue for Minnesota school districts large and small.

"We know it could happen to anybody," said Thuesen, the technology coordinator for Austin Public Schools. "Student data is desirable to people, unfortunately. This is not something that only large schools have to worry about."

According to the U.S. Government Accountability Office, cyber attacks on school systems increased during the global pandemic as the world of education transitioned to remote systems. The number of students affected by ransomware attacks — where hackers hold data and systems hostage for a big payout — on schools or school districts went from 39,000 in 2018 to over 1 million in 2020.

Although attacks decreased in 2021 according to the same report, CISA and the FBI released a joint statement in September 2022, saying they "anticipate attacks may increase as the 2022-23 school year begins."

"Over the past several years, the education sector, especially kindergarten through 12th grade (K-12) institutions, have been a frequent target of ransomware attacks," the joint CISA/FBI statement said. "Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal information regarding students and staff."

In recent months, those broad, national statistics have been reflected close to home in Minnesota. In February, Minneapolis Public Schools was the target of cyber attacks. That scenario included the bad actors posting a video, demanding $1 million to not release confidential information.

A few days after detecting unusual activity on its network on April 6, Rochester Public Schools shut down its network and canceled classes on April 10, forcing the city's 17,000-plus students to learn in a low-tech environment. RPS also postponed MCA testing.

While RPS has not publicly stated this is part of a ransomware attack, the canceling of a school day on Monday, delayed testing and restricted access to its network are all signs of such an attack mentioned in the joint statement from CISA and the FBI.

Even if the details about Rochester's ongoing issue haven't been released, it's still a district of more than 17,000 students that has had to alter its operations because of its cybersecurity.

In a state with more than 300 school districts, those of Rochester and Minneapolis are both among the seven largest.

However, school officials across the board say that makes no difference when it comes to cyber attacks.

"In a time when we should really be focusing on academics and kids' mental health, all the sudden we're dealing with issues like that," Mark Matuska, superintendent of Kasson-Mantorville Public Schools, said, referring to cybersecurity.

Matuska went on to say there are two sides to cybersecurity: the technology itself and the human element.

Officials from Austin, Kasson-Mantorville, and Byron all described training employees on being tech savvy. Thuesen said Austin Schools has sent out fake phishing schemes to employees to see what kind of links people will be prone to click on.

She explained that while adults often have systems in place to notify them of identity theft, the data of a minor makes a tempting target since those warning systems are often not in place.

"If I got a child's data, and that child was of a very young age, there's potentially years I can use that data before anyone would notice," she said.

Superintendent Mike Neubeck said Byron Public Schools was in the process of updating its technology systems even before the situation in Rochester happened.

Neubeck said cyber attacks are somewhat like the reality of school shootings: They're something schools obviously don't want. They're something districts have to prepare against. But, when they happen, you see if there are any lessons that can be learned.

"When something like this happens, you evaluate what you have in place and what you could do different," Neubeck said. "You're concerned, but you're not going to totally flip things upside down because a lot of things are already put in place."

©2023 the Post-Bulletin. Distributed by Tribune Content Agency, LLC.