The K-12 Cyber Incident Map
If you are an IT Coordinator or School Official you know that over the last two years, K-12 schools have become a target for Cyberattacks. In years past it was mostly colleges and universities that seemed to have a target on their back, but the threat has expanded to target K-12 schools, too. In fact, in 2017 the Department of Education issued an official warning regarding ransomware attacks.
Many school districts are not prepared for such attacks on this critical learning infrastructure or in a position to pay tens or hundreds of thousands of dollars in cryptocurrency to mitigate the problem. From January 2016 until just this past summer, the K-12 Cyber Security Resource Center has tracked more than 500 K-12 cyber incidents. Read on to learn more about some of the latest breaches and how they were dealt with.
Louisiana Declares State Emergency After Malware Attack
Nearly half a dozen Louisiana school districts were struck by a coordinated ransomware attack this summer. "The malware attacks, which were directed at school systems, affected phones and computers in at least three different communities, and the threat is still active, according to the Governor's Office. "- Lucas Ropek ,July 25, 2019.
Cyber Incident Containment and Best Practices for Prevention
The Louisiana incident led to the governor issuing a state of emergency and school districts losing data, experiencing downtime and significant expense. In order to prevent such an event for schools in the state of Indiana, these recommendations along with other preventable measures should be considered by your leadership and IT services teams. In response to the Louisiana incident other states are issuing warnings. -Posted by IN Cybersecurity Task Force on 11/7/2019
Long Island Schools Hacked; District Forced to Pay $88,000 in Ransom
According to this NBC news article. Two school districts in New York were hacked and their data held for ransom over the summer. The article reports, "The Rockville Centre School District paid $88,000 in bitcoin in order retrieve student and staff information before the school year started."
As you can imagine the headlines go on and on. Schools, and their data, are easy targets. They have limited budgets and few human resources to devote to the problem.
Having a sound strategy for prevention and response in the event that your community is targeted is key to averting a much larger outbreak due to these ransomware infections.
Given these and other recent high-profile breaches, it’s obvious that cyberattacks pose an even higher risk when an organization fails to patch its systems regularly. This makes patching non-negotiable. Learning communities need new solutions like automation to facilitate this arduous activity.
In a quest to solve this problem for our own organization, but especially for our customers, our founder has partnered with another Ohio based firm to offer an incredible solution, and it’s AUTOMATED! We are sharing this in the same spirit in which SPS was founded, finding solutions for real problems encountered in the trenches with school district IT departments. Through our partnership with a revolutionary security company we are able to help you solve this threat. Here's what you need to know about what this system can do:
- Scan and analyze your entire network and identify security vulnerabilities on any device that it can have credentialed access to log in.
- Apply software updates and security patches on an automated schedule. This is not just Windows patches but includes several Linux distributions and a number of commonly used 3rd party applications like Adobe Reader DC, 7-Zip, Google Chrome, iTunes, TightVNC, etc.
- Configure groups to define different rules and schedule for each group.
- Intelligent policy application. If you schedule sequential reboots on a group of servers and the first server reboots and doesn’t come back.up, the process stops and doesn’t advance to the next server.
- Configure automated email or text alerting for several different events.
If you would like to learn more about this product and the company behind it, as well as other consulting services we provide, click here.
If your district is a G-Suite for Education user, you may want to read our blog post: Google OU Structure and Automation.
Looking to take the hassle out of Student Provisioning?
Student Provisioning Services works with K12 districts of all sizes to implement a customized, fully automated data management system which allows you to focus on your mission and your students. Our solution is scalable, and affordable allowing it to grow along with your district. Learn more about automated student provisioning.
Department of Education: Cyber Safety Considerations for K-12 Schools and School Districts