One Reason Schools Cyberattacks Are on the Rise? Schools are easy targets for hackers, according to Anne Neuberger, deputy director general manager and national security advisor
Schools and colleges have an estimated $9.45 billion in cyberattacks that will happen in the next four years. That’s according to a report by the research group Comparitech, which is also quoted by the GAO.
“We’re making the resources available, educating, bringing superintendents together to educate them about the threat,” says Anne Neuberger, deputy assistant to the president and deputy national security advisor for cyber and emerging technology.
She states that the White House does not have the authority to require minimum school Cybersecurity protocols like they can with rail, airports and pipelines.
We need to move quickly and with more conviction. We think there’s going to be a lot of effort from the federal government to make progress on this issue. “Tomorrow is too late.”
In Albuquerque, Elder’s district has beefed up security protocols. There’s ongoing training for all staff, including tests where the IT department sends out fake emails to see if staff click on them.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
One Reason Why Schools Cyberattacks Are On The Rise? Schools Are Easy Targets for Hackers, Attorney General Richard Elder, Secretary of the Department of Homeland Intelligence, and a Security Advisor
He says he has become paranoid in the past few years. He was invited to a cybersecurity summit at the White House, but didn’t believe that the email was authentic.
“I got the email and I went, ‘Oh, good one! I’m going to the White House, this is a good one! ” he recalls thinking incredulously. He reported the email to his IT department as a phishing attempt.
Elder says he’s trying to get everyone in the district to feel the same sense of urgency around cyber safety. Just because you’ve been hit once by hackers, he says, it doesn’t mean it can’t happen again.
Everyone changed their passwords in Atlanta to make them more complex. The district also made cyber security training mandatory for all staff, so everyone had to learn to recognize possible phishing emails and other safe practices.
“Have you built this into your culture? It can’t just be the tech person. It’s got to be every teacher, every school secretary, every student that logs into any district device.”
Those are three things. If every district in the country did those things that don’t cost money … we [would] have a way to defend and protect our schools,” Marten says.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
Cybersecurity in a School: What Is It All About, and What I Can I Do About It, and How I Can Help It
The first step is to have complex passwords. Users must give more than a password in order to log in to their account. And the third is keeping software up to date.
According to Callow, many schools don’t have basic prevention protocols in place. But it’s hard for leaders to make the case for spending on cybersafety when education budgets are already tight.
The district was still trying to figure out what happened, and which federal and state agencies to contact about it. They needed the school board to sign off on hiring specialized cybersecurity contractors, and then they needed to bring those contractors on.
“They think it shows that you failed somehow. I don’t believe that we failed. I think this is now a fact of life, and you better be prepared to address it.”
Scott Elder’s school district is exposed to hackers: A daily routine by Scott Elder explains how his district’s IT department shut down after a phone call
Johnny isn’t trying to change his grades in his room. We are a school district. Foreign nationals that are well funded were not trained to fight a cyber war.
Elder said that the FBI told him that his district had been attacked by hackers. He was shocked by the sophistication of the operation.
When the attack happened, Elder’s district was in the middle of getting quotes for cyber insurance. Their costs soared after the attack.
A typical morning routine by Scott Elder. At 7 a.m., he wakes up, drinks coffee, and feeds his two dogs. Elder’s routine was interrupted by a phone call.
Elder is the superintendent of Albuquerque Public Schools in New Mexico, and the call came from his district’s IT department, saying they had found some sort of computer virus.
The bug was in the student records system. Elder’s IT staff shut that network down. But that meant teachers wouldn’t have access to basic information about the almost 70,000 students enrolled in New Mexico’s largest school district. Educators couldn’t take attendance, they couldn’t know children’s bus routes, and were locked out of the grading system.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
Schools are “low hanging fruit”: Data thieves can pose a serious problem for the public and for the children’s safety, including a case study in Minneapolis
I went from mildly disturbed to very concerned by 9 a.m. after I realized we had a real problem, and I vomited by noon.
School system data can be taken hostage by hackers if districts don’t pay a fee, as they were in Minneapolis, where the hackers threatened to release sensitive information unless districts paid a fee. Children’s data can be used to steal their identity.
There are also cases of “Zoombombing” in which someone intrudes on a video call, often with pornographic or hate crimes images, as well as denial-of-service attacks, which stop or slow the use of networks.
In many cases, sensitive data about students and staff – including social security numbers, sexual assault records and discipline information – has been stolen. Some of this information can be used to steal identities or redirect payments.
It might take a few weeks for classes to return to normal after an attack, but some districts take more than a year to recover.
Schools are “low hanging fruit,” says Noelle Ellerson Ng with the School Superintendents Association, which represents 9,000 district leaders across the country. She says schools are often the community’s biggest employer and collect a lot of data.
One reason school cyber attacks are on the rise? Schools are easy targets for hackers: Aina Andreev Survived by a Phishing Employee
“That makes it very, very ripe. You have to consider the fact that the data is so sensitive and so longitudinal that there is a huge vulnerability.
Elder said they weren’t coming back until they knew it was safe for kids. I know it’s frustrating. I can’t say you’ll get a date today. “
When he was told some staff had not been paid, Aina started looking into the matter. He learned that employees who had clicked on phishing emails a couple of weeks back had unwittingly given hackers entry to their payroll details. Hackers went in, changed the bank details and employee salaries were rerouted.
Some firms charge hundreds of dollars an hour. We took laptops from all the people that were compromised. We took forensic data from their hard drives. It was just a lot of man hours and a lot of effort and a lot of consulting time.”
The costs just kept going up. They paid for a retainer agreement with a security firm, bought cyber insurance, installed additional software and hired specialized staff.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
Identifying a surprising group of people: young public school students – cybersecurity hackers are targeting children’s credit, and can create bank accounts or loans in their name
“Spending on cybersecurity wouldn’t necessarily be politically popular,” he says. “And schools often don’t have the expertise to know where they should be directing their money either.”
Two of Gravatt’s children graduated from Minneapolis schools, and one is in middle school. She only realized the extent of the attack when she checked social media.
Minneapolis Public Schools didn’t make anyone available for an interview. In a written statement, the district said it sent written notice of the attack to more than 105,000 people who may have been impacted by it.
“This breach was actually really huge,” Gravatt says. “And it wasn’t just school records. It was health records, all sorts of other things that should be private information, and are now just out there for anyone to buy.
“As it turns out, the identity information of children is actually more valuable to them than that of adults,” says Doug Levin, director of the K12 Security Information eXchange, a nonprofit that helps protect school districts from cybersecurity risks.
He says stealing a child’s identity may seemcounterintuitive because they don’t have their own resources, but it can cause a lot of havoc. Parents don’t necessarily monitor their children’s credit and bad actors can easily open up bank accounts, rack up debt and apply for loans in a child’s name.
Source: Hackers are targeting a surprising group of people: young public school students
Cybersecurity Hackers Target Young Public School Students: Minnesota Public Schools, a Center for Education and Public Safety, and the Minneapolis Public Schools as a Case Study
“The school systems’ educators are a little bit like pack rats,” he said. “And so there’s a lot, a lot of information that is collected over time, and it’s often not deleted when it’s no longer necessary.”
Black and brown students are more at risk when the school system is hacked. For example, according to a report by the Minnesota Department of Human Rights, Black students in the state are eight times more likely than a white student to be suspended or expelled.
More of their information is being input into the system. She co-founded the Twin Cities Innovation Alliance to educate and empower parents about how data collected about their children could be misused.
A student’s history of drug use may be successfully over, but their record should have been expunged, because now it’s publicly available. That information could come up in college applications, job interviews or in court hearings.
“Given how polarized the public is today about issues like gender identity, about maybe even pregnancy or immigration status, if some of that information became public for specific individuals at specific points in time, it could be absolutely life threatening.”
Minneapolis Public Schools says it provided impacted individuals with free credit monitoring services for one year, as well as guidance on how to protect against identity theft and fraud.
That guidance included a long list of steps families should take, such as placing “a fraud alert and security freeze on one’s credit file,” contacting national consumer reporting agencies and, if they suspect attempted identity theft, reaching out to the Federal Trade Commission, their state attorney general and local law enforcement.
Source: Hackers are targeting a surprising group of people: young public school students
The overwhelming experience of a mom and dad with a child: Rachael Flanery, celeste Gravatt, and cybersafety
It was very overwhelming for Minneapolis parent Rachael Flanery. She thinks it’s unrealistic to believe parents have the time or capacity to do everything the school district suggested.
I tried to be the victim of it, right? I put my head back in the sand, and I kind of was in the mindset of, well, if there’s a knock on my door and [someone] tells me my 7-year-old just bought a boat, I’ll show him where he is! And hopefully it won’t be hard to get the charges reversed.”
Her family has since moved to a different school district, but Flanery says the whole experience was scary. She’s always worried about her children’s physical safety as a parent. Now, cybersafety is another thing she’s worried about.
Celeste Gravatt is concerned as well. She hid her children’s credit so that no one could open accounts in their names. She’s especially worried that one of her kid’s health information will be made public. She still feels anxious when she thinks about it.
“I’m not what I would call a tech savvy person. So I do wonder, like, if somebody were to obtain information that they shouldn’t have, would I even know till it was too late? I don’t know.”