Over the past couple years, society has made a dramatic switch to online shopping, online business, and online learning. A large amount of operations and programs are ran online. Almost all data is stored online as well as most sensitive information. However, for the longest time most schools, specifically K-12 schools, kept their data in folders and taught their students on whiteboards. Slowly, public schools did start to integrate technology into their system. Devices such as smartboards were the first step. Some schools gave each student a laptop or tablet that they were responsible for taking care of. Over the course of a few years, schools started to rely on technology to store their student’s data and eventually, a lot of operations were conducted online; though not all of them. That quickly changed amidst the pandemic. In under a year, schools were shut down and forced to switch to another form of learning, online learning. Zoom classrooms, virtual labs, and online testing systems quickly took over. However, because the switch to online learning occurred in such short time, there are a lot of holes in the IT infrastructure. In other words, there is a lack of cybersecurity within public school systems. Several cyberattacks were reported in 2020, 2021, and 2022. Most of these cyberattacks affected the students, the parents, the staff, and forced the IT teams to shut down schools until they could rebuild their systems. Of course, of all the systems they could target, why would cyber criminals target schools?.
Public schools, especially K-12 schools are easy targets for cybercriminals for a couple of reasons. First off, they often lack real training in cybersecurity. Students as well as teachers are not properly taught how to report or avoid cyberattacks. In fact, according to an article by cbsnews.com, 60% of teachers claim they have received no additional security training, especially during the pandemic. Cybercriminals are hitting schools with the same tactics they use to target businesses, most of these tactics are preventable with proper awareness training.
Most cybersecurity threats are attached to phishing texts or emails. Phishing refers to when an attacker sends a seemingly legitimate and important email or text in order to get the victim to comply for something. Most phishing emails will pose as banks or insurance companies in an attempt to milk personal information out of their victims. Other phishing emails call for verification such as passwords. Phishing emails are a much bigger problem than they seem but are easily preventable with proper cybersecurity training. There is almost always something off about a phishing email and things you can look for to prevent the attack. Most students and teachers are not taught how to avoid these scams and so they are an easy target for hackers.
By far the most common cyber-attack on public schools is a ransomware attack. Ransomware attacks can start as phishing emails, they can also start from something as simple as a compromised password. Ransomware refers to an attack in which the cybercriminal hacks into a system and takes control of the data in that system. The hacker denies the victim access to their data unless a ransom is paid. These payment requests can range from one hundred to one million dollars. Ransomware attacks are dangerous because there are many instances in which a cybercriminal goes undetected for long periods of time. When this occurs, the data loss is often too much to get back even after a ransom is paid. Simply because there is no guarantee the hacker will return all of the data.
These attacks, Distributed Denial of Service attacks, are also common in public schools because they are relatively easy to carry out especially if the network is poorly protected. During a DDoS attack, a cybercriminal will gain access to data and cause a widespread of disruption to the entire network. DDos attacks slow down productivity and for IT teams to shut down systems in order to take control of them again. Because it is a relatively easy attack, there have been plenty of instances where students and teachers have carried out these attacks as well.
In some cases, cybercriminals involved in school attacks can be bored students or teachers that are protesting or attempting to change grades or whatever the case might be. In most cases, cybercriminals attack schools because it is easy and rewards financial gain. According to an article by Infosecurity-magazine, cyberattacks on public schools cost a combined total of more than $6 billion. This is just from the attacks that were reported. Most public schools are not required to publicly report cyberattacks and so many of them go under the radar.
With all of that being said, most if not all of these problems are preventable. Cybersecurity is becoming more and more important as the years go on and it would benefit schools to enforce it as well. Simple training programs aimed at teaching the staff, students and even the parents about how to detect, avoid, or report cyberattacks can be really beneficial. The world will only continue to rely more on technology, learning about its dangers is going to be important.
Mile2 Cybersecurity Certifications is a world-leader in providing accredited education, training, and certifications for INFOSEC professionals. We strive to deliver the best course ware, the strongest Cyber Range, and the most user-friendly exam system in the market.
Our training courses follow our role-based Certification Roadmap. Plus, many of our classes include hands-on skill development in our Cyber Range. We train students in penetration testing,disaster recovery, incident handling, and network forensics. Additionally, our Information Assurance training certification meets military, government, private sector and institutional specifications.