Think cybersecurity won’t or can’t impact you?
Well, you would be wrong.
The number of cyberattacks only continue to grow. Virtually every business you can think of has been hit–cybercriminals have targeted the pipelines we rely on for oil and gas; the hospitals we turn to in times of need, even the social media companies where we connect.
Nowhere is this more true than in our schools.
Just this past September, the Los Angeles Unified School District (LAUSD), the second largest in the country, announced it was the victim of a ransomware attack, with cybercriminals infecting the district’s computer networks, locking up files, and stealing data. In early October, the attackers followed through on their threat to release the stolen data if a ransom was not paid.
LAUSD is far from the only district impacted. One cybersecurity firm reported that this was the 50th attack on US schools this year. Ransomware attacks are particularly common cyberattacks in school districts because schools are chronically underfunded and understaffed to respond to cyber events. Ransomware is designed to encrypt all systems and devices, ultimately forcing some services to shut down. The cost of paying the ransom may be cheaper than getting the system up and running again, so the payoff to criminals is almost certain, and the likelihood that attacks will continue is almost guaranteed.
This begs the question: what should school districts be doing to protect themselves?
It comes down to three steps: Protection, Detection, and Response:
Protection
The vast majority of breaches are crimes of opportunity, so closing defensive gaps and having the right solutions such as Multi-Factor Authentication (MFA), Email Security, and Endpoint Management solutions in place is the best first step. More importantly, keep all the technology you already use current. Vendors will keep their solutions updated to respond as cybercriminals change their infiltration methods and become more sophisticated in their attacks. School districts should continuously invest to keep technology current. Delaying refreshes could leave them vulnerable.
Related:
How digital equity enhances cybersecurity in schools
4 ways to avoid cybersecurity snake oil