The Multi-State Information Sharing and Analysis Center (MS-ISAC) reports a 19% increase in ransomware and other cyberattacks targeting K-12 schools between 2019 and 2020. That increase is attributed largely to the use of ineffective cyber protection tools and technology, as well as a large number of students using remote laptops for distance learning during the pandemic.
“All those students and teachers on their computers dramatically opens up the attack surface,” said Josh Moulin, an executive at the Center for Internet Security (CIS), the organization that runs MS-ISAC, reports the Washington Post.
Even as schools gear up for return to traditional learning this fall, the problem is expected to persist, if not grow considerably. MS-ISAC projects an 86% increase in school cyber attacks and ransomware in 2021.
Schools are not only vulnerable but particularly attractive to hackers, Moulin said. Hackers believe school districts will be desperate to start classes, therefore, more likely to pay the ransom. Also, there is the added perk of stealing personal information from students, who are less likely to notice that someone is using their identity to commit fraud.
“Hackers have found this is the perfect type of data to steal because most people don’t look at their kids’ credit until it’s too late. When they go to apply for college and suddenly realize the own a house somewhere,” said John Wargo, director of technology for the Central Susquehanna Intermediate Unit, a regional public education group in Pennsylvania.
Despite the seriousness of the situation, attacks against schools have drawn far less attention than high-profile attacks, and education isn’t listed among the 16 critical infrastructure sectors that President Biden has demanded that Russia place off-limits from government and criminal hacking.
School districts that have been victimized by ransomware attacks include Las Vegas, Hartford, Conn., Park Hill School District in Missouri, Buffalo, New York, Baltimore and more.
There are steps that schools can take. MS-ISAC offers a suite of free cybersecurity tools for K-12 institutions across the country, and urges schools not to pay ransoms, a position that’s also held by the FBI and the Department of Homeland Security.