Why school districts, K12 education and ransomware remain popular and profitable for cybercriminals

At the beginning of September, only two weeks after the start of the 2022-23 school year, Los Angeles Unified School District reported a massive and highly disruptive cyberattack. As the second largest school district in the United States – with more than 1000 individual schools – the attack is one of the biggest of the year so far.

Many details about the attack are currently unclear, but there is enough information to draw some important conclusions about the cybercrime landscape, and the risks that educational institutions face.

Some of these conclusions are new, drawing on data to show why hackers seem to prefer targeting public education systems. Others simply reinforce some of the facts that security leaders already know, like the importance of effective remediation and data exfiltration protection.

There is a growing trend towards targeting K-12 education institutions and the third-party vendors they rely on and there is good reason to believe that this trend will continue for the foreseeable future.

Why Hackers Target K-12 Education

According to a 2021 study, more than half of K-12 schools in the United States and nearly one-third of higher education organizations reported at least one ransomware attack that year. Around half of surveyed institutions reported paying ransoms to restore encrypted data.

Schools and school districts are high-priority targets for opportunistic cybercriminals for several reasons:

  • Student Devices Offer a Wide Attack Surface. School administrators struggle to implement cohesive security policies for managing the risks posed by student devices. School districts can’t easily enforce the kind of device management policy that a commercial enterprise can, so district networks end up connecting with a wide range of unsecured devices.
  • Lack of Funding for Full-Time Cybersecurity Staff. The cybersecurity talent gap is alive and well, putting pressure on public school administrators who have to compete with multinational enterprises for security talent. Unfortunately, the average school district simply doesn’t have the funding to compete with a commercial enterprise, which keeps top talent from entering the sector.
  • Pandemic-era IT Policies Remain Unsecured. The sudden transition to full-time remote learning left security gaps that remain unfilled. Budget challenges have made it difficult for school administrators to establish highly secure IT infrastructure for their organizations.
  • “Think of the Children!” Schools carry a great deal of sensitive data about their students, and parents are rightly concerned about their childrens’ data privacy. Hackers are betting that school administrators would rather pay exorbitant ransoms than allow sensitive student data to become public, protecting themselves against the intense backlash that inevitably follows.

What Education Leaders and Security Professionals Can Do Right Now

Faced with these challenges, many school administrators feel like catastrophic cyberattacks have become unavoidable. While it’s true that school districts will continue to face increasingly sophisticated cyberattacks in the future, now is not the time to simply capitulate and dismiss these attacks as inevitable.

Schools need to build resilient IT infrastructure solutions that are designed to protect sensitive data against cyberattack. While it’s true that deploying these solutions can be time-consuming and expensive, the cost is generally much lower than paying $1.5 million – the average ransom paid by educational institutions – to cybercriminals and perpetuating their illicit industry in the process.

It’s important for school administrators and IT leaders to understand that there are different levels of security measures available to enterprise-level organizations, including options that are feasible for organizations facing budget and staffing challenges.

Few K-12 school districts can afford to build and staff their own 24/7 security operations center. However, basic system hardening initiatives can significantly reduce the risk posed by ransomware attacks on school districts. Many of these initiatives can be painlessly implemented at very little cost:

Build and Deploy a Cost-Effective K-12 Security Tech Stack

While there are many things K-12 school administrators and their IT partners can do to harden their current IT systems against ransomware attack, true resilience demands adding new capabilities to those systems and adopting newer technologies designed for today’s cyberattacks.

This does not necessarily mean building a fully equipped in-house security operations center. There are several asset-light approaches school administrators can take when modernizing their institution’s security tech stack.

Managed security service providers may present a compelling value for K-12 organizations that need to ensure on-demand security resources are available when needed. Automated cyberattacks prevention solutions like anti data exfiltration protection can help alleviate the burden of manually detecting and mitigating security risks and conducting time-consuming incident investigations. Deploying these innovative solutions costs much less than being forced to pay exorbitant ransoms to anonymous cyberattackers.

BlackFog is a cybersecurity vendor that specializes in providing data exfiltration protection to enterprise-level organizations, including K-12 education institutions. Find out how our technology can prevent attackers from exfiltrating your sensitive data even after they successfully compromise your network.