Jun 6
2023
Ransomware’s Prime Target: Securing Educational Institutions
By Anthony Cusimano, director of technical marketing, Object First
In recent years, ransomware has become the most destructive cyber threat impacting industries of all sizes –in the first half of 2022, there were over 236 million ransomware attacks worldwide. Threat actors have launched ransomware attacks on various targets, including businesses, hospitals, supply chain infrastructures, and education systems, to extort money in exchange for stolen data.
According to a 2022 year-end report, schools sustained the same number of ransomware attacks in 2022 as in 2021, with the most significant attack being Los Angeles Unified School District, which included over 1,300 schools and 500,000 students. While the goal of educators is to establish secure learning environments for students – be it through online or in-person education – far too many are faced with the challenge of ever-increasing ransomware attacks that makes safeguarding IT environments to ensure data protection difficult.
Education systems shouldn’t have to suffer the continuous data theft and extortion that the past few years have burdened them with. By incorporating affordable ransomware-proof tools, these organizations can ensure the safety of backups and effectively defend against ransomware attacks without paying the ransom.
Why the education system continues to be a prime ransomware target
Schools have a wealth of sensitive information about their students and faculty on hand for cybercriminals to target. This includes information such as financial aid records, birth certificates, behavioral records, and addresses that, if left unprotected, can be stolen and sold on the dark web.
Ransomware attacks pose the most significant cybersecurity risk regarding operational disruptions and overall expenses for K-12 schools and districts. This is often because these school systems need more money and education to adopt proper security tools. Within school systems, allocating resources to defend against cyberattacks is restricted by a limited budget, resulting in inadequate IT infrastructure and smaller teams – further weakening visibility to detect potential threats before it’s too late. Because of this, when compared to other industries, the education system falls short of proper protection.
But that’s not all. While there are many reasons why ransomware attacks against education systems have been and continue to remain rampant, a primary reason for this surge is that the COVID-19 pandemic increased reliance on virtual platforms for students to participate in remote learning. This shift created an even larger threat landscape for an underprepared and under-resourced industry, expanding vulnerabilities while perpetuating increased data being stored electronically. This, paired with a strained IT budget and lack of dedicated resources to fight ransomware, has left schools open for attackers to capitalize on.
The path forward: how to better protect schools against ransomware
The first step in protecting schools from ransomware is building defense strategies that invest in mature security measures. This means outlining a comprehensive plan of action for a potential attack on education systems, including roles and responsibilities for everyone from principals to IT administrators and teachers. By making a contact list for appropriate constituents that need to be alerted in the event of an attack and connecting with these people to navigate the plan of action, everyone is prepared for when disaster strikes.
In addition, it’s essential to ensure that school data is stored in a separate system that guarantees its availability and accessibility in the case of a data disruption. As ransomware attacks continue to rise — targeting primary data and, more often than ever, targeting backups – having multiple co-located backup copies, detection, and remediation is critical to ensure resilience. This is why on-premises object-based backup storage is a must-have for school systems. It provides inherent advantages such as scalability, availability, reliability, security, and immutability— and when implemented correctly, delivers unbelievable performance. It ensures that files cannot be modified, protecting them from threat actors.
When choosing on-premises object storage solutions, schools should look towards solutions designed specifically for the backup use case with hardened security and the right level of redundancy tailored for constrained IT. By implementing cost-effective and user-friendly systems, schools can overcome the constraints posed by limited personnel and restricted budgets while ensuring the best defense against ransomware with effortless immutability out of the box.
Lastly, it will always be important to educate about common cyber threats that could hit, including what signs to look out for and how to prevent them. Ensure that staff and students are participating in schoolwide cybersecurity trainings and fire drills, enable multifactor authentication into all school software and servers to ensure the correct individuals are gaining access to online systems, and stay up to date on the most recent ransomware prevention reference materials with best practices from reputable government resources.
While there is no “perfect way” to protect your organization from ransomware attacks, you can significantly reduce your chances of becoming the next victim by diligently equipping your employees with the necessary knowledge and defenses. Security planning goes beyond installing anti-virus software and integrating cloud object storage that offers better data security, so data remains untouched when an attack strikes. School districts can build a ransomware-proof environment and make ransomware a controlled risk.