[ad_1]
When I was growing up, days with snow (days off for bad weather or heavy snowfall) were not uncommon. We would have about 24 hours of freedom and then Mother Nature would step in and fix the problem. But today’s kids are facing a new kind of snowy day that Mother Nature can’t help: ransomware.
Unlike a snowy day, a ransomware attack is ultimately not corrected by mother nature. Instead, it can interrupt school systems and classroom learning for days at a time, leaving behind a trail of destruction and financial trouble.
More than 1,600 schools were targeted by ransomware in 2020 alone. This new focus on schools was highlighted in December when the FBI issued an alert warning that nearly 60% of ransomware incidents between August and September 2020 involved K-12 schools – a jump of almost 30% from previous months.
And these attacks have a myriad of negative outcomes associated with them – recovery costs (or ransom payments to criminals) that can drain already limited budgets; personal, student and financial data may be compromised and disclosed; and the already delayed e-learning can itself be disrupted. Forced school closings for days (or even weeks) at a time to address these attacks can have very real academic consequences for the country’s youth, putting them behind in an already competitive educational landscape.
A new attack surface
While ransomware is a known destructive threat to virtually every industry, its pursuit of schools is a relatively new goal. When COVID-19 forced schools across the country to quickly switch to distance learning models, it widened the attack surface for cybercriminals looking for quick and easy payments. Attackers could take advantage of a plethora of groups new to browsing online systems. Everyone from kindergarten to staff and parents were experiencing online classrooms, remote communications, offsite IT help, and more.
Lack of cybersecurity awareness and training, shrinking educational budgets and scarcity of resources may also explain why schools have found themselves in the crosshairs of cybercriminals. A recent study by Morning Consult and sponsored by IBM Security interviewed 1,000 U.S. educators and administrators, revealing how these factors can contribute to industry risk:
- Almost 60% of educators and administrators say they have not received cybersecurity training for distance learning, while nearly 80% of teachers say they use e-learning.
- Despite the recent FBI warning to schools, half of teachers and administrators are still not concerned about impending cyberattacks.
- More than half of administrators and educators say the budget is a barrier to securing cybersecurity for their schools.
- 60% of teachers use their own personal devices for distance learning, and 34% do so without any guidelines to protect these devices.
What schools can do now
School staff are not trained to become cybersecurity experts in addition to their full-time student support work. However, there are things now schools can do to help educate and prepare staff so that they have clear guidelines in the event of an attack.
- Provide training. It may simply mean providing basic best practices related to device usage, password hygiene, and secure video conferencing. Schools can also regularly test cybersecurity skills through email phishing drills, or provide easy reference materials to staff through quick FAQs or short videos.
- Make a plan. This can include developing an incident response plan, or simply a phone tree to ensure that the right staff are contacted in the event of an attack and that students and parents are properly briefed. the situation. Once these plans are in place, they should also be repeated and tested, like any other emergency such as fires or earthquakes.
- Collaboration. One of the most crucial things a community can do to fight cyber attacks is to collaborate. Whether schools open lines of communication with their local law enforcement, learn from neighboring schools that have witnessed an attack, or take advantage of free threat-sharing services – the more information is gathered, the better it can be. be prepared for imminent threats.
IT departments also have a distinct set of actions to take. A recent blog described several best practices that technology teams can implement to protect themselves from ransomware.
Dedicated to helping teachers (and students) thrive
IBM Security is dedicated to helping prioritize cybersecurity in education, which is why they recently announced a new $ 3 million grant aimed at strengthening cybersecurity in schools. As part of the grant, IBM will provide its expertise and services to up to six K-12 school districts in the United States to help them better prepare for and respond to cyber attacks. Eligible schools can now apply for the grant until March 1 through IBM.org.
If you have been the victim of a ransomware attack and would like immediate assistance from IBM Security X-Force in the event of an incident, please call our hotline at 1-888-241-9812 (US) or at + 001-312-212-8034 (Global). Learn more about X-Force’s threat intelligence and incident response services and how we are helping protect all organizations from cyber threats and provide a powerful solution for attacks that extend beyond your perimeter.
Source link