Why Educational Institutions are Prone to Ransomware Attacks (and What They Can Do to Protect Themselves)
is the most significant cyber threat in the education sector, and
K–12 schools and colleges and universities are both targets. We
remember the effects on
Angeles Unified School District,
the second-largest district in the U.S. with more than 1,000 schools
and 600,000 students, when
hit by a ransomware attack, disrupting access to its IT systems.
Following a cyber attack in December 2021, Lincoln
had to shut down the following May as all systems required for
recruitment, retention, and fundraising efforts were still
inoperable. But why are educational systems an enticing target for
ransomware attacks, and how can they improve their cyber defenses?
addressing defense tips, let’s first review why educational
institutions are targeted by hackers. First, at the K–12 level,
many school systems are underfunded and can’t afford the same
sophisticated cyber-defenses that protect businesses. Few have
dedicated teams of cybersecurity professionals. Schools often rely on
older, more vulnerable IT systems that aren’t patched or updated on
a regular basis. And with services exposed to the Internet, as well
as teachers and students using their own computers and devices to log
in remotely, school systems present a large attack surface for
hackers to exploit. Many of these problems also exist at the college
schools and colleges find themselves with little recourse but to pay
if they’re hit with a ransomware attack. When attackers infiltrate
a school district’s network, they can lock employees out of
computers and systems while gaining access to valuable and sensitive
personal information. Most schools and systems don’t have the
technical sophistication to recover data in the event of a breach.
For administrators, the desire to avoid disrupting classrooms coupled
with the possible consequences of an online data leak creates massive
pressure to pay ransoms (which have gone as high as half a million
short, the combination of being soft targets and having a higher
propensity to pay makes schools almost irresistible to hackers.
the growing cyber threat, however, there are effective strategies for
making schools more secure (especially in the era of hybrid learning)
and ways to improve threat detection and prevention.
first step is to prioritize ransomware awareness among school
administration, teachers and students. Introducing security concepts
through awareness training programs can help users to adopt safe
practices when accessing computers, systems and login credentials.
security awareness education should include:
phishing attempts (in which attackers attempt to trick users into
providing their login credentials)
email security best practices (detecting emails from malicious
actors and avoid
weak or exposed passwords
incidents to the IT department
important strategy for reducing the cyber risk to schools and
minimize the threat of ransomware is to prioritize the implementation
of tools for:
This includes blocking restricted content and additional capabilities
to prevent access to websites, emails, or files that can lead to
vulnerabilities and incidents. These restrictions provide excellent
protection against threats and support adherence to compliance
regulations, such as the Children’s Internet Protection Act (CIPA).
Content filtering can be deployed using hardware appliances or
software as a service (SaaS).
Visibility tools that can track and expose threats and identify user
behavior contributing to a compromised network are a must-have for
achieving compliance. Monitoring network security threats, issues and
trends accelerate the ability to eliminate threats, set meaningful
security policies across the network, and meet critical compliance
Password-only authentication systems are inherently weak and stolen
credentials are often used in ransomware attacks. MFA requires
additional verification (such as a biometric like a fingerprint or
entering a code on a recognized mobile device) before a user is
granted access to a network or data. Educational institutions should
implement MFA alongside any bring your own device (BYOD) program to
protect user access. Look for a solution with an optimal user
experience that can make it easy to enable authentication right from
a user’s own phone after a simple install and activation.
WiFi is critical to enable learning, admin, and teaching duties in a
school setting. To deliver secure Internet access, focus on private
networks and access points that can handle density without risks.
Consider Cloud-managed WiFi solutions for optimized performance,
greater visibility and reporting.
final strategy for protecting educational systems is having a well
established backup and
disaster recovery plan.
That means identifying
the most sensitive files to be backed up, as well as which back-up
files need to be secured offline. In addition, individual schools
should have their own back-up. When it comes to backups, consider the
Keep three copies of any important files: one primary and two
Keep the back-up files on two different storage media.
Store one copy offsite.
remember that for a disaster recovery plan to be truly effective,
practice makes perfect. Don’t wait until a ransomware attack occurs
to find out whether your plan actually works.
schools continue adapting to hybrid learning, e-learning, and other
more flexible student learning experiences, threat actors will likely
continue to take advantage of educational systems. It’s paramount
for K–12 schools and high educational institutions to discuss and
implement strategies to secure hybrid learning, threat detection and
prevention and create awareness training for all levels of employees
and students. It’s also just as crucial for individuals outside of
the education sector to support the initiatives that empower schools
with the tools and resources to enable a secure learning environment
so communities can learn anywhere, anytime.
Sam Manjarres is Senior Product Marketing Manager at WatchGuard.