TCP Episode 119 -- Ransomware in Schools

Listen to this episode on Cybertraps.com, Apple Podcast, or your podcast platform of choice.

Show Notes

Ransomware is a growing problem for organizations, including schools

What is it?
How does it happen?
Why does it happen? $$$ – $7bn in 2021
Who’s doing it?
We are all on the front lines now

Problems for Schools

Down time for school personnel, distraction from mission
Inability to access data; closure of schools
Loss of data, identity theft, invasions of privacy
Reputational damage
Financial loss
Technical and legal fees
Ransomware payment

How Can Schools Protect Themselves

Have air-gapped backups
Conduct routine cybersecurity audits and threat analysis
Training and education for all members of the school community
The greater the access, the more training is needed
Particular focus on phishing (leading attack vector) and other intrusion methods
Competent and thorough IT department
Patch, patch, patch
Limit ability to install new programs without thorough testing
Collaboration with law enforcement
Take advantage of increased funds for cybersecurity
Bipartisan Infrastructure Law
American Rescue Plan Act
Increased interest in cybersecurity offers great opportunities for education and job training

How Much Should Schools Share with the Public?

Organizations often face a temptation to not report cybersecurity breaches
Have a thorough response plan in place; review and update on a regular basis
Consult with law enforcement to avoid interfering with investigation
Communicate quickly and thoroughly with parents if (when) a cyberattack occurs
Increased transparency helps define the scope of the problem and risk factors for others

Resources

• 28 March 2022 -- Funding Is Flowing for Cybersecurity Efforts in Every Government Jurisdiction
• 27 March 2022 -- LI schools hit with 29 ransomware attacks, hacks, other cyber incidents in past 3 years
• 24 March 2022 -- Officials are still in the dark on ransomware
• 24 March 2022 -– Why school districts need to be more transparent on cyber
• 23 March 2022 -– Cybercriminals made $7bn in pure profit in 2021, says FBI
• 23 March 2022 -- FBI, CISA advise 13,000 orgs to have ‘low threshold’ for reporting cyberattacks
• 22 March 2022 -- Add a New Dimension to Ransomware Defenses in Education
• 16 March 2022 -– APS says no data compromised during January’s cyberattack
• 15 March 2022 -- Cyber Notification Bill Critical, But Won’t Stop Bad Actors Entirely, Says Senator
• 11 March 2022 -– Superintendent speaks out about cyber security incident at Altoona Area School District
• 10 March 2022 -– MA Offers Free Cybersecurity Training to Schools, Cities
• 7 March 2022 -- Greensville County School board orders technology audit after cyber-attack
• 7 March 2022 -- Valley Educators Prepare Students For Cybersecurity Workforce