
Understanding Cybersecurity Risks in Education

On September 5th, the Los Angeles Unified School District (LAUSD) announced that it had fallen victim to a ransomware attack. The group behind the attack, Vice Society, threatened to leak the stolen data. The school district chose not to pay the ransom, according to a statement on Twitter. As of Oct. 3, the school district believes the impact of the released data will be relatively limited, according to a Los Angeles Times report.

The LAUSD ransomware attack is just one example of a major trend: threat actors targeting the education sector. How can other school districts and institutions protect themselves?

LAUSD attack and response

Although the root cause of the LAUSD attack has not been revealed, phishing or other social engineering was likely used to gain access to LAUSD’s systems and launch the ransomware attack, according to Keatron Evans, principal security researcher at technology training firm InfoSec Institute, part of the Cengage Group. Evans has performed penetration testing, general security consulting, and incident response for school districts across the United States.

“The Vice Society has a reputation for being one of the few cybercriminal groups whose modus operandi is largely unknown. to remove it, impeding investigations and future remediation efforts,” said Itay Shohat, director of incident response and threat hunting at cyber technology and services firm Sygnia.

On September 30th, LAUSD released a statement detailing its response to the cyberattack, including its decision not to pay the ransom. “Paying the ransom does not guarantee full recovery of your data. Los Angeles Unified would rather spend public money on students than submit to a vicious and illegal crime syndicate.”

In response to the attack, the school district launched an independent Information Technology Task Force to leverage cybersecurity expertise from the public and private sectors. LAUSD’s statement said the breach drew federal attention, with the FBI, the White House, and the Cybersecurity and Infrastructure Security Agency (CISA) lending support.

Education as a target

Education seems to be a target of increasing interest. Last year, 67 ransomware attacks affected 954 schools and colleges, according to a report by cybersecurity consumer website Comparitech. The 2022 State of Ransomware in Education report from Sophos, a cybersecurity-as-a-service company, found that 56% of lower education institutions and 64% of higher education institutions experienced a ransomware attack last year. Education from the company’s 2021 survey.

In September, CISA issued an alert about Vice Society, warning that it had observed the group disproportionately targeting the education sector. The agency also warned that ransomware attacks against educational institutions are likely to increase. School districts with limited cybersecurity capabilities and limited resources are often the most vulnerable.

According to Evans, the vulnerabilities exploited by attackers in the education sector are typically no different than those in other industries. “The difference is the security regime, because schools in general are designed from an IT perspective to be more open to support usability and functionality,” he explains.

Attackers are motivated by the sensitive data that schools protect. “They [schools] also host a large amount of sensitive data, such as student progress and behavior reports and IEPs, which threat actors can use to pressure organizations into paying ransoms,” Shohat says.

Addressing cyber security in education

Cyber attackers’ interest in education systems is well documented, but many educational institutions lack funding and staff in other departments. “Public schools spend the majority of their money on maintaining computers to keep them useful and up-to-date, not to mention secure,” Sophos principal investigator Chester Wisniewski points out.

Respondents to the 2022 State EdTech Trends survey reported that cybersecurity is a top priority. However, according to the report, only 6% of respondents said their state provides sufficient funding for cybersecurity, and 57% of respondents said their state provides little or no cybersecurity funding.

States can receive more funding for cybersecurity through the Department of Homeland Security’s State and Local Cybersecurity Grant Program. The program will award $1 billion in grants over four years. Local governments, including school districts, are eligible to work with the state to apply as associate applicants.

Although more funding is likely, school districts and institutions now face the prospect of mitigating cybersecurity risks with limited resources.

“Budget constraints force schools to identify and focus on what is most important to protect. For sensitive assets such as student information, financial data and personnel records, school districts need to use network segmentation,” recommends Erick Galinkin, principal researcher at cybersecurity firm Rapid7.

School districts and other stakeholders in the education sector can review current security and adopt best practices such as backing up sensitive data, implementing multi-factor authentication, utilizing access controls, and investing in end-user training.
