Arraya Insights | April 1, 2021
It’ll likely be some time before the full story of how COVID-19 has impacted K-12 education is written. However, researchers have at least begun to understand the pandemic’s effects on school districts from a cyber security perspective. It’ll come as no surprise that the threat landscape they faced in 2020 looked very different than those navigated in previous years. In fact, it changed with each passing quarter as the pandemic dragged on. With more seismic operational shifts set to happen in 2021, including a return to in-person learning or a hybrid approach, IT teams will need to learn from how threats evolved during 2020 and prepare for how they could continue to do so this year.
One source of insights into the threats faced by schools around the country last year is The State of K-12 Cybersecurity: 2020 Year in Review. This annual report from the K12 Security Information Exchange and the K-12 Cybersecurity Resource Center serves as one of the definitive sources on publicly-disclosed cyber incidents affecting US school districts.
In one of the report’s more eye-opening sections, researchers documented the cyber incidents faced by school districts last year, not just by volume but in terms of the type of incident. Here’s how each changed over the course of 2020:
- First Quarter: During those early, blissful, pre-pandemic days in 2020, K-12 schools disclosed a total of 49 cyber incidents. The most common incidents involved ransomware or some other type of malware. After that, the most frequent events revolved around student/staff data breaches and targeted phishing attacks/business email compromise. The researchers noted that these trends dovetail nicely with those observed in previous years. Once the pandemic hit, however, things started to change.
- Second Quarter: During the early days of the COVID-19 pandemic, school districts reported suffering 67 cyber events, up slightly from earlier in the year. The most common incident encountered really reflects that moment in time perfectly: Class/meeting invasions. These are your basic “Zoom-bomb” type attacks where an uninvited guest disrupts either a remote class or a meeting with hate speech, offensive images, etc. Student data breaches were the second most commonly-reported incident.
- Third Quarter: As the COVID-19 pandemic raged on, school districts saw a massive spike in cyber incidents, with 160 being reported during Q3. This spike was driven, in part, by districts distributing scores of new devices to students/teachers and implementing new platforms with little to no ramp-up period. Furthermore, many districts were also still struggling to get a handle on securing remote classes and meetings, evidenced by the fact that class/meeting invasion once again topped the list of the most frequent attacks. Student data breaches remained the second most common incident while ransomware/other malware and denial-of-service attacks came in third and fourth respectively.
- Fourth Quarter: The good news is cyber incidents fell during Q4, although they still greatly exceeded pre-pandemic levels as districts reported 132 incidents during the final months of 2020. This still-high number may have been due to mal-actors targeting districts during particularly vulnerable moments like Thanksgiving and winter holiday breaks. Also, schools finally managed to lock down their remote sessions, sending class/meeting invasion down to third on the list of most common events. Taking the top spot this time around was student and staff data breaches. Ransomware and other malware came in third while denial-of-service attacks finished in fourth place.
Next Steps: Preparing your organization for the security challenges of 2021
As discussed above, this year will also be one of transition. Luckily, we should all have more time to prepare. While every district is different, those preparations should, at a high level, include the following:
- Readying onsite solutions for returning educators and students. Machines may need to be updated or patched or networks may need to be re-provisioned to handle the incoming flood of new traffic. After a year in essential hibernation, onsite solutions will be due for some TLC.
- Anticipating the unique challenges to come. For example, districts embracing a hybrid approach will need to decide how to secure devices as they move back and forth between home networks and school networks. These types of issues will need to be discussed and solved prior to making any operational changes.
- Revisiting user privileges. With users offsite and out of reach of IT, some districts may have expanded user privileges, giving them more freedom to solve their own issues. As users come back to the building, it’s a good idea to tighten up privileges once again in order to give attackers one less avenue to exploit.
- Getting ready for anything. Mal-actors are great at evolving based on the situation at hand. Those on the defensive side must be equally nimble. As the State of K-12 Cybersecurity: 2020 Year in Review authors point out: absolute security is a fool’s errand. Instead, leaders must be able to “identify potential risks, weigh the likelihood and significance of the real-world impacts of those risks should they come to pass,” and prepare accordingly.
These are just a few of the ways in which districts should prepare for the transitions that lie ahead in 2021. Need help navigating the threat landscape of today (and tomorrow)? Arraya can help. Our cyber security experts can help you audit your capabilities and processes in search of high risk vulnerabilities. We can also help you deploy the solutions you need to close those gaps in order to keep your users and students safe. Reach out to our team today to start a conversation!
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.