Report: Schools One of the Biggest Targets for Ransomware

School districts have seen a stark rise in cyberattacks in just the last several years, according to the newly released report. Part of the problem could be traced back to digitally savvy students.

by / October 10, 2019
Shutterstock/Rymden

This summer, K-12 schools saw an unprecedented rise in cyberattacks, with schools being hit more in those months than throughout the whole of 2018. 

That's according to a new report from endpoint resilience firm Absolute. The report was compiled after a survey of data from over 1,200 K-12 organizations and claims schools are the second most popular target for ransomware attackers next to local governments.

Since 2016, there have been over 700 cybersecurity incidents at schools across the country. Of those, 49 were ransomware attacks that affected school districts during this year alone, the report states.

Ironically, increased digital literacy and more complex IT landscapes in schools may actually be escalating risks.  

That's because students — now almost always digital natives — are provided with more connected devices by schools than ever before. They also often attempt to circumvent security protocols and Web content filtering on those devices by using Web proxy and rogue VPN tools, the report alleges. These attempts open the schools up to infiltration by bad actors.    

"Our students today are so much more technically savvy. Digital is just sort of their life. It's what they grew up with," said Christy Wyatt, Absolute CEO. "The thought that basic controls can contain their creativity was one of the theories we really wanted to challenge. When we looked at it, we realized how broadly and pervasively this was really happening."  

Wyatt said she had a personal experience with it through her own 18-year-old son, who pooled his money with friends to buy TunnelBear — a VPN software that allowed them to bypass security to play games on school devices.

While these kinds of youthful antics might seem harmless, they can be the very opportunity a malicious actor is looking for, Wyatt said. Those actors can use the students to spread malware or ransomware on a school's network. 

"One of the things that's been most prominent over the last six months is the number of schools that are being targeted with ransomware," Wyatt said. "Ransomware has become such a huge challenge in enterprise... While schools are being targeted, there is probably less of a conversation with students about it and what to do about it."

Schools, like other enterprises, need investment and support from government to adequately deal with these challenges, Wyatt said.  

Similarly, a goal for schools and district officials moving forward might be to open up a broader dialogue with students and young people about digital safety, Wyatt said. Still, this kind of communication is more of a challenge for schools than for other organizations. 

"It's much tougher to tell a fifth grader not to click on ransomware," Wyatt said. "They're much more vulnerable. And so I think we have to do more to reach out and not just educate the community about what the risks are, but give them access to resources so that when something starts to go wrong they can respond and adequately protect themselves."  

Lucas Ropek Staff Writer

Lucas Ropek is a staff writer for Government Technology. He has worked as a newspaper reporter and writer in Massachusetts and New York. He received his Bachelor's degree in English from Kenyon College in Ohio. He lives in Northern California.

Platforms & Programs