In Cybersecurity, School Districts Are Failing the Test
Many school district IT teams now realize they still have a lot to learn about the perils of poor cybersecurity.
That’s because schools have become much more enticing targets. As private companies invest heavily in their cybersecurity, it drives up the cost of security expertise, making it difficult for schools to compete for top IT talent. What’s more, budget cuts have meant that schools often lack the financial resources to adequately arm and protect their networks. So, they definitely don’t have the means to pay for the hidden costs that come with data breaches.
At the same time, schools are collecting more data about students than ever before, while increasingly relying on technology to teach students and control school operations. The result: lightly protected networks filled with valuable student data have made school districts a popular target for identity thieves and cybercriminals who hold data for ransom.
Cybersecurity Gets a Failing Grade
According to the K-12 Cybersecurity Resource Center, U.S. K-12 school districts across the country experienced a total of 122 cybersecurity incidents in 2018. Both outsiders and insiders (including students) are attacking schools using a variety of methods, including phishing attacks, unauthorized data breaches, and denial of service attacks. Cyberattacks have resulted in the loss of millions of taxpayer dollars, stolen identities, tax fraud, and altered school records.
Cyber attacks significantly impacted a number of school districts this year:
- In Louisiana, Governor John Bel Edwards declared a state of emergency after three Louisiana school districts saw severe, intentional cybersecurity breaches. The attack shut down phones and encrypted data, disabling operations just days before school was due to start.
- In Ohio, a “Trickbot” malware infection caused such major issues to the IT infrastructure of the Coventry Local School District that the district needed to send students home. In addition to computer networks, the infection also brought down the district’s phone network and HVAC system. According to Lisa Blough, Coventry Local School District Superintendent, “the goal of the virus is to get banking information or money from those that are attacked. One of the first computers infected was in the treasurer’s office.”
- Edtech provider K12.com discovered that it exposed a database of student information to the internet, which included the private, protected information of more than 19,000 students—including their name, birth date, school district, gender, and grades.
As more and more school systems and teaching tools go digital, data breaches will only get worse. Without adequate measures, more and more private information about children is at risk of being stolen, sold and used by criminals to commit all manner of identity fraud. This can prove damaging for many years to come. School districts have the moral responsibility, if not a legal liability, to protect student data at all costs.
Protect Your Organization With Soc-as-a-Service
The increased impact of cybercrime on schools is a textbook case of the need for all organizations to shore up their cybersecurity approach.
The place to start is to have a strategy in place to monitor, detect and respond to threats in real-time. But with limited resources, the learning curve is steep and establishing adequate protection within your organization isn’t always feasible.
A security operations center (SOC)-as-a-service like Arctic Wolf makes it simple to stay protected through the use of machine learning and human expertise.
Because IT teams analyze threats and vulnerabilities around the clock, they can more effectively evaluate and prioritize risks to put their full focus on the cybersecurity efforts that will have the most impact. In addition, SOC-as-a-service helps overtaxed IT teams bolster their cybersecurity expertise by providing 24/7, on-demand access to a dedicated Concierge Security Team™ of experts.
Discover how you can tackle cybersecurity challenges using SOC-as-a-service by downloading the Definitive Guide to SOC-as-a-Service.