Now, more than halfway through the academic year, many school systems throughout the United States have still not welcomed students back into the classroom. And it’s not solely due to the pandemic. While many districts have spent months planning for remote and hybrid learning, they’ve been challenged by cybercriminals who are strategically taking advantage of increasingly remote environments. Specifically, the rise in sophisticated and aggressive ransomware attacks, documented in the Sophos 2021 Threat Report, is further damaging a learning environment that is already strained.
At the end of last year, three top federal agencies – the FBI, CISA, and MS-ISAC – issued a warning of an increase in malicious cyber actors launching ransomware attacks against kindergarten through twelfth grade (K-12) educational institutions in an effort to disrupt distance learning services. Not only is it a problem now; according to the warning, we should expect to see these attacks continue through the 2020/2021 academic year.
Unfortunately, this news does not come as a major surprise. In just the past few months, a cyberattack shut down Baltimore County and another ransomware attack kept students in Alabama home for a week. When they were able to return, it was to in-person schooling without computers. For locations that consider it safe for in-person learning, this may be viable, but for many areas that have seen spikes in pandemic cases, it is clearly not an option.
While many school systems started upping their technology game prior to the pandemic, tight budgets have left cybersecurity strategies under-resourced. This, combined with the uncertain pandemic environment, creates a perfect storm for opportunistic cybercriminals.
For channel partners servicing the education industry, this means supporting security efforts is critical. Let’s review some of the top ransomware protection practices that every channel partner can adopt to support its education customers in this crucial time of need:
- IT hygiene. School systems are heavily under-resourced across the board. Partners should help them adopt and implement simple best practices that go a long way. Installing the latest security patches, implementing multifactor authentication, and making regular off-site backups of sensitive records are all essentials.
- Education for educators. IT security is the responsibility of everyone in the district, so anyone with a district email account should be responsible for creating a strong password and using two-factor authentication. Additionally, it’s important for everyone to understand how to spot a phishing email, especially as phishing emails are a major vehicle for ransomware delivery. Partners need to enable their customers to share this knowledge across the entire district.
- Proactive human intervention. Technology plays a big part in thwarting ransomware attacks, but it must be accompanied by a human touch. By arming education customers with an elite, human-led threat hunting response team that can recognize patterns, apply context to imminent threats, and attack recurring incidents at their root cause, partners can ensure their customers are playing offense and defense.
- Endpoint detection and response (EDR). To protect against a ransomware attack, organizations need to disrupt the attack chain from end to end. Partners can help their education customers do this by deploying EDR across every device on the network. This ensures that every endpoint is secured with up-to-date protection and provides threat response teams with the context they need to actively track down adversaries, identify threats, and act accordingly.
- Rapid incident response. In a worst-case scenario where an education system is hit by ransomware, partners can support it with lightning-fast incident response. Sophos Rapid Response is a first-of-its-kind service designed to get education systems in a better position, fast.
As the warning says, ransomware attacks on education systems are not going to go away anytime soon. It is critical that partners help their education customers be prepared and responsive when it comes to defending against today’s ransomware landscape.