Many hackers are opportunistic predators and will slide to the lowest common denominator when preying on their next victims. Over the past year we’ve seen hackers direct their attention to the education sector, particularly K-12. It’s always appalling when children are taken advantage of in any manner, and having their data stolen, ransomed, or leaked is no different. These children are the youth of our nation and have no sense of what’s happening to the privacy of their personal data. These breaches could have long-term ramifications on children long before they’ve even applied for college or been given a driver’s permit. We live in an age now where hackers will look to disrupt and take advantage of anyone to benefit their own cause. There is no honor among thieves.
The US Department of Education recently issued a cybersecurity alert to school districts warning them of cyber attackers attempting to compromise schools. This was a broad warning, but it was a step in alerting schools that might not have known otherwise. The education sector is being ravaged by criminals looking to take advantage of lower budgets and overworked staff. This has led to an increase in ransomware and other attacks against many districts. We’ve seen hackers steal child data and make it public on the internet, take this data and hold it for ransom, or even start calling parents to threaten physical violence against their child. The effects on schools also go beyond the children’s data. There have been attackers who have taken over districts and stopped the ability for teachers to be paid. The disruption of these attacks starts with the child’s privacy, affects their education, and interrupts the lives of both teachers and parents.
Unfortunately, the lack of resources many schools are given is going to make them a continual target going forward. The US Department of Education’s guidance recommended conducting audits for weaknesses, performing patch and vulnerability management, reviewing logs for suspicious activity, understanding what phishing is and how to train staff and students, and reviewing all sensitive data to verify appropriate access. These suggestions are considered the cornerstones of information security and many can be done without an expense, but there are others that will include some type of tool to assist with the process. We need to work with schools to have this awareness understood and to guide them towards a proper security posture that’s going to reduce risk within their institutions with a price tag they can afford.
At CCSI we’ve been working with school districts for decades and we understand the risks that are out there and the struggles the education sector is facing. This issue won’t go away quietly and we need to stand up for the defense of our children’s data. Whether we like it or not, they’ve become a target for criminals, and hackers will continually gravitate towards the low-hanging fruit. Following the security basics and petitioning local and state authorities and your local districts to get a better understanding of how your schools are being protected is a start. This isn’t something we should take lightly, and the defense of our children and their education is important for everyone’s future.
Author Bio: Matthew Pascucci is a Security Architect, Privacy Advocate, Security Blogger, and is the Cybersecurity Practice Manager at CCSI. He holds multiple information security certificates and has had the opportunity to write and speak about cybersecurity for the past decade. He’s the founder of www.frontlinesentinel.com and can be contacted via his blog, on Twitter @matthewpascucci, or via email mpascucci@ccsinet.com.