Ransomware has become a dangerous situation in our country with our elementary, high schools, and colleges under attack. From coast to coast, the cases are mounting.
In March, hackers demanded $40 million from the Broward County, Florida public school district. After the school district refused to pay, the hackers published nearly 26,000 files from the district’s servers, including sensitive financial records and confidential employee and student data. In Baltimore, 115,000 students were unable to take classes because of a ransomware attack that disabled its network systems. Similar attacks in places like Fairfax County, Virginia, Hartford, Connecticut, and Fort Worth, Texas, have rocked the nation’s education system.
Unfortunately, the nimbleness of the education system to teach remotely during the pandemic came with unintended harmful consequences. With online learning, educational institutions are increasingly the targets of cyberattacks, jeopardizing the well-being of students, educators, and staff.
Research from the K-12 Cybersecurity Resource Center found an 18% increase in cyberattacks on schools during 2020. Further, 28% of all reported ransomware incidents involved K-12 schools from January to July of 2020, according to This Joint Cybersecurity Advisory, which includes the F.B.I. In August and September of 2020, that number jumped to 57%.
The financial losses are staggering. The average total cost of a data breach for an organization across all industry sectors amounts to over $7 million. Yet, the most lasting damage may result from the loss of trust from students and the belief that school is unable to keep their most sensitive information safe. Cyber breaches can cause long-term reputational damage that can plague institutions for years.
There are several ways breaches can take place. 91% of cyberattacks started with a phishing email, while 81% of hacking-related breaches leveraged either stolen or weak passwords. 66% of malware was installed through malicious email attachments. Hackers have even disrupted virtual learning by entering virtual classrooms and verbally harassing students. These tactics can be relatively simple, but also devastating.
It’s critical that educators, law enforcement, and cybersecurity experts collaborate to secure our nation’s schools. This means institutions must prioritize cybersecurity, and policymakers must provide the necessary funding so networks can be updated and strengthened.
While the cyber threats facing education institutions can appear daunting, it’s important to remember that 93% of breaches could have been avoided with basic cyber hygiene. Empowering school communities to take ownership of cybersecurity can go a long way toward securing institutional networks.
As we emerge from the pandemic, now is the time to evaluate the lessons learned and how to build our education system on a stronger foundation. An essential pillar is ensuring that educational institutions are equipped to protect sensitive information of students, educators, and administrators.
Read more here.
-John Ramsey, Chief Information Security Officer, National Student Clearinghouse
John Ramsey is the Chief Information Security Officer at National Student Clearinghouse. Mr. Ramsey was formerly the CISO for the U.S. House of Representatives and members of Congress, which has 950 sites across the entire United States and associated territories. In March 2017, he was selected as one of the top 100 CISOs globally, only one of two government CISOs selected.