Security Experts:

Connect with us

Hi, what are you looking for?


Risk Management

In the Hacker’s Crosshairs: K-12 Schools

In education, cybersecurity is rarely top-of-mind — until a major incident occurs. Yet, according to the Federal Bureau of Investigation (FBI), schools are top targets for cybercriminals, resulting in ransomware attacks, data theft, and the disruption of online learning.

In education, cybersecurity is rarely top-of-mind — until a major incident occurs. Yet, according to the Federal Bureau of Investigation (FBI), schools are top targets for cybercriminals, resulting in ransomware attacks, data theft, and the disruption of online learning. Earlier this month, the Albuquerque public schools were forced to cancel classes due to a cyberattack that locked district staff out of the information database they use to record student attendance, determine who is permitted to pick students up from school, and store student emergency contacts. Weeks prior, a ransomware attack on software provider Finalsite, a vendor providing services to the education market, affected the accessibility of 5,000 school websites. Cyberattacks are particularly challenging for K-12 schools, as they often face resource limitations and cannot attract the necessary talent to implement enterprise-grade defense strategies. Therefore, K-12 institutions will need to find ways to address these growing threats.

And growing, they’re. Last March, the Buffalo, N.Y., district canceled classes for two days in response to a ransomware attack. Since the start of the pandemic, cyberattacks have also prompted school closures in districts including Broward County, FL; Hartford, Conn.; and Clark County, NV. So, what is driving the uptick in these security incidents?

The flurry of new technologies needed to support the shift to remote learning as a response to the ongoing health crisis has left schools increasingly vulnerable to security risks and potential attacks. New applications, delays in patching, and failing security controls added complexity and vulnerabilities to environments where security had often been an afterthought. When exploited, these vulnerabilities pose significant risk. 

The endpoint is the new network edge, and the primary attack surface is literally in the hands of children. Almost one-third of education devices studied in the 21/22 Endpoint Risk Report: Education Edition contained sensitive data — nearly half of which was social security data, and 39% of which was protected health information. This has opened up new potential attack vectors for cybercriminals and placed student and school safety at risk. According to the FBI, malicious cyber actors are focusing on K-12 institutions since they are easy targets of opportunity. 

Ransomware in particular poses a danger to schools. As of August 2020, Politico has reported that ransomware attacks have hit 58 education organizations and school districts, including 830 individual schools.

Making Security an Imperative

Although long underfunded and under-resourced, cybersecurity in education must now step to the forefront. Schools should take measures to identify and secure sensitive data, keep devices up-to-date, and ensure that their endpoint security controls are working at all times to minimize the risk of falling victim to cyberattacks. 

The following fundamental measures can help K-12 school districts minimize their exposure to ransomware attacks:

1. Implement cybersecurity awareness training to educate staff and students on how ransomware is being deployed and how to recognize and avoid spear-phishing attacks. 

2. Patch operating systems, software, and firmware as soon as manufacturers release updates.

3. Implement application and remote access to only allow systems to execute programs known and permitted by the established security policy.

4. Regularly update anti-virus and anti-malware with the latest signatures and perform regular scans.

5. Back up data regularly to a non-connected environment and verify the integrity of those backups.

Beyond these generic preventive measures, school districts must pay special attention to the state of their endpoints, as those devices are often the launchpad from which ransomware spreads across the network. In this context, the following measures are recommended:

• Monitor for unusual activity and specifically look for suspicious behavior or spikes in connections on devices that are usually quiet.

• Lock at-risk devices and restrict device network access to halt the spread of malicious software.

• Harden existing endpoint security controls, as it is imperative to keep endpoint security software like anti-virus, anti-malware, VPN software, and/or disk encryption active and up to date on all devices. To address the talent shortage, emerging endpoint resilience technology can help school districts to make their endpoint security controls resilient against software decay or malicious actions by self-healing these critical applications whenever needed. 

• Establish an undeletable connection to the endpoint to orchestrate remediation actions remotely while still being under distress, e.g., by reimaging the operating system of a compromised device. Again, emerging endpoint resilience technology embedded in the firmware of devices can help by maintaining an unbreakable connection.

Ultimately, following these best practices will both improve a school district’s cyber security posture and reduce their exposure to debilitating cyber-attacks. 

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...