The Coming Storm: How K-12 Schools Face a Growing Risk of Cyber Attack
At one time, cyber attackers primarily targeted big federal government entities and corporations with deep pockets, but that pattern has changed. Today their attacks threaten organizations at all levels of government, including state and local agencies, state-funded colleges, and K-12 schools.
Challenges faced by schools, in particular, have only increased with the advent of Covid-19, which forced districts to depend on makeshift hybrid models and virtual private networks (VPNs) to support remote students.
Cyber Dangers Faced by Schools
In fact, the number of endpoint devices in K-12 schools increased 74% from 2019 to 2020. While this has improved educational options for students, it has also increased the attack surface and overwhelmed IT staff, who were often already stretched to capacity.
The statistics are alarming. K-12 schools experienced an 18% increase in cyber attacks from 2019 to 2020, resulting in 408 publicly disclosed incidents—although the actual total is undoubtedly higher. Microsoft Security has reported that 61% of 7.7 million enterprise malware attacks in one month targeted educational institutions, making it the most affected industry.
Bad actors can infiltrate systems and encrypt or use personal and financial data for students, teachers, and staff. A 2021 report found that the typical education institution paid an average of $112,435 in ransom to retrieve its data and get networks running.
The Challenges of Operational Technology
Operational technology (OT) is particularly vulnerable since it is often overlooked and less likely to be thoroughly secured. One survey found that 38% of security leaders with OT environments rate their cybersecurity vulnerability as grave or serious.
Traditionally, OT environments were air-gapped from IT, but this distance has shrunk or disappeared entirely as technology grows more sophisticated. For example, in the past, school districts only needed to be concerned with the physical security of their HVAC equipment, thermostats, lighting controls, fire safety systems, and similar OT, but these devices are increasingly tied to the internet. As a result, ransomware and other threats target OT systems more frequently.
The Loss of Technology Talent
This is happening at the same time that school districts face a wave of retirements. As the Baby Boomer generation retires, the population of young adults replacing those workers is much smaller. Furthermore, the stress of the pandemic has caused many K-12 teachers and staff to consider retirement. But it is increasingly difficult to replace retiring IT workers; the U.S. has half a million IT jobs going begging, and more than 3 million IT jobs remain unfilled worldwide.
How can school districts fight increasing cybersecurity risk while facing a dearth of qualified IT specialists? Fortunately, they don’t need to go it alone. With decades of OT and IT experience, the specialists at OBAN are here to help.
Schools can count on OBAN’s critical infrastructure security solutions to thoroughly evaluate their cybersecurity posture, identify gaps, and develop plans to improve security for operational technology, schools, and students.
For more information, contact OBAN online or call us at (703) 714-6667.