According to Dark Reading, education is now the biggest target for ransomware attacks—surpassing government, healthcare, energy/utilities, retail and finance industries. The ransomware technique—using a computer virus to hold data hostage—has been around for decades, but it’s gained notoriety in recent years. It’s a threatening trend, for sure.
During a recent conversation with Thomas Norman, CPP/PSP, global security technology consultant for Ingram Micro, we learned more about this growing threat, why education customers are often easy prey, and how you can help them tighten their cybersecurity.
Why are cybercriminals using ransomware to specifically target schools?
Like most bullies, cybercriminals seek easy targets, and there are several reasons why schools are higher on the list. Typically, schools’ IT departments are underfunded, which means they don’t have the skills or resources to maintain an airtight cybersystem—especially in K–12 education.
Another reason is the increasing use of mobile devices in education. From students having remote access to school course materials to collaborating with teachers and fellow students to signing up for classes, researching topics and discovering new apps, mobile technology creates a dynamic and interactive learning environment. Yet while today’s students can get anytime, anywhere access to information on mobile devices, most schools today don’t have adequate security controls for their mobile devices. In other words, their networks are laid bare to the internet, which can leave proprietary student information exposed to savvy threat actors.
It’s a major concern. So, we have a pinch between a lack of funding and typically a lack of skills to address increasingly sophisticated threats—made worse by the fact that mobile technology is growing in prevalence, yet rarely fully protected.
What information do cybercriminals want?
Most of the information on mobile devices in K–12 is information controlled under compliance to prevent the distribution of proprietary info of children within the education system. FERPA (Family Educational Rights and Privacy Act) is the compliance standard that schools are held to in the U.S. It’s a federal law that protects the privacy of student education records. If there are any student or education records on school-issued mobile devices, ransomware may seek to find them.
In cases where mobile devices only contain classroom data (not personal information or student records), hackers may use ransomware as a ploy to reach the mother lode—the full set of student records held at the district level.
What types of ransomware are being used?
There are two different kinds of ransomware. One type simply encrypts the data (and often the programs and the operating system, too)—preventing schools from using their own data. Other types of ransomware also steal the data before it is encrypted. Both are a big concern, and ransomware incidents of any type put any school or district in violation of FERPA.
What can K–12 and higher education customers do to prevent cyberattacks, including the growing threat of ransomware?
If it isn’t already a top priority, tightening protection against ransomware should quickly become one. Fortunately, education customers aren’t powerless against cyberthreats. It starts by recognizing what needs to be protected—these four common targets of attack:
- The system (the hardware, software, mobile devices, wired/wireless networks, servers, workstations and phones)
- The internet connection (browsing, emails, URL clicks and URL redirects)
- The data (particularly compliance-based data like personal student records)
- The users themselves
How can you, as the trusted advisor, help?
Start by categorizing your education customers by size, which will help steer you toward the right cybersecurity solution.
For example, on the smallest scale would be individual private schools (usually with one or two locations). From a security perspective, these schools would need cybersecurity systems like those geared for SMB businesses.
Medium-sized school districts (with a handful of schools scattered throughout a community) would likely have the competency and skillset of a mid-tier commercial business, which will help you suggest the appropriate solution.
Lastly, large school districts in major metropolitan areas, such as New York, Chicago and LA, would be best suited to an enterprise-class cybersecurity solution. While their budgetary resources are still limited, their larger size often enables them to have stronger IT resources and support.
What should a cybersecurity solution for education include?
Just like any other customer with limited resources, schools need security components with the least cost and highest effectiveness, in this order of priority.
To protect systems: Invest in access control and intrusion detection. By controlling access to the devices and the applications, we have a much better chance of keeping bad actors out of the systems. This includes rule- and/or role-based access control, plus single sign-on capability and federated access, which gathers all the devices and applications under a single domain. For students using mobile devices, customers should also have a VPN.
To protect data: Suggest data encryption solutions, so that even if a hacker gets access to data, they won’t be able to use it.
To protect internet usage: Invest in malware protection that guards against browsing/email attacks, URL clicks and URL redirects, which can automatically download nefarious software like ransomware. Make sure the malware protection can address zero-day infections and that it’s adaptive to address new threats that are continually introduced.
To protect users: Invest in anti-phishing training. This will help people become “human firewalls,” so they can easily recognize what’s fake and what’s real when reading email or browsing the internet.
What cybersecurity solutions does Ingram Micro offer? Is there anything new?
Ingram Micro offers a wide range of cybersecurity solutions geared for each of the three categories of education customers (small, midsize and large).
Ingram Micro also added a new offering called CISO as a service (CISOaaS), which makes chief information security officers (CISOs) available through one of our partners, Fortium. It’s a team of highly qualified former CISOs from major corporations who make themselves available four hours per month for strategic planning, review of school cybersecurity and ongoing evaluation that existing countermeasures are sufficient for dealing with cyberthreats. They provide guidance to Ingram Micro partners, as well as to the end users, to ensure they’re optimizing their limited resources.
For more information on helping your education customers boost cybersecurity, contact the Ingram Micro public sector sales team at (800) 456-8000 or visit our Education Playbook.