Ransomware defense strategies and tools schools need
Schools are in an unenviable position as they confront ransomware attacks. The right capabilities could make a big difference.
Cybersecurity is a challenge schools in every state face, as budget constraints prevent them from taking action. There is a mismatch between finite resources and today's demands for educating children.
A recent and high-profile example of the threat schools face from ransomware is Los Angeles Unified School District. Over 600,000 passwords needed to be reset, while a ransom demand remains unanswered.
Following LAUSD's ransomware attack, federal authorities cited the sensitive student data held by education institutions as a key reason for the frequent occurrence of ransomware attacks.
As many as 14,000 school districts have been attacked this year, representing a combined 1,727 schools, according to Emsisoft threat analyst Brett Callow. In spite of the fact that fewer school districts have been affected than last year, "the number of incidents is still unacceptably high," Callow said.
In schools, there is a continuing need for more robust and effective cybersecurity.
It is common for school districts to be most vulnerable to cybersecurity threats because of limited cybersecurity capabilities and limited resources, according to the FBI and CISA. School districts with robust cybersecurity programs are still at risk due to opportunistic targeting common among cybercriminals.
Cybersecurity teams at many schools lack the necessary tools and staff, said Rick McElroy, principal cybersecurity strategist at VMware Carbon Black. Ransomware is a threat to nearly every organization, and schools are no different.
CISOs and cybersecurity professionals consistently cited multifactor authentication, back-up and recovery, and endpoint detection and response as must-haves for schools.
Having a prevention layer is a minimum standard, but schools can mitigate and contain cyberattacks before they become a bigger problem with tools and strategies that aid detection and response.
A school's risk also increases due to constant user shifts within the student population, which puts schools in an unwished-for position. In such an environment, real-time policies based on user behavior and device behavior are critical.
Schools will remain a frequent target for cybercriminals without these tools, strategies, and adequate staffing. These could at the very least provide schools with the confidence to refuse ransom demands.