At a time when the COVID-19 pandemic continues to create challenges for educators across the country, another threat has been spreading with the same viral speed: cyber attacks against American schools. Hackers have identified an opportunity to exploit a sector that is distracted by other priorities and faces an ever-increasing strain on physical, personnel, and financial resources—creating a system where educational organizations are viewed as an easy target for malware attacks, especially as adversaries test their tactics, techniques, and procedures (TTPs) against less secure entities.
CISA Director Jen Easterly recently referenced the cyber risks to “less resourced but target-rich” organizations; the education sector certainly falls in this category. As the world braces for the possibility that conflict between Russia and Ukraine could lead to broader cyber conflict intended to discourage interference by other countries, the threat of nation-state attacks against soft targets is as real as it has ever been.
Recent data shows that in the span of 30 days in 2021, 63 percent of all malware attacks globally, or 5.8 million+, were targeted at educational organizations. In 2020, a record-high 1,740 U.S. schools, including K-12, colleges, and universities, were hit by ransomware, and this trend continues.
Even in the face of all of the other priorities schools are contending with, it is clear that changes must be made to the system to address this growing threat that has paralyzed so many of its victims.
Now is the time for school systems to adopt a new approach that better positions the education sector to defend itself. If universities such as Howard, Stanford, and Michigan State—who are well-funded and much larger than most K-12 school districts—can’t prevent digital extortionists from infiltrating their networks, it should come as no surprise that local public school systems are being viewed as an easy target for attackers.
Recognizing this problem, last year President Joe Biden signed the K-12 Cybersecurity Act. A foundational component of this bill was adopting a Collective Defense model. This means that rather than each school system being left to defend itself independently, there are mechanisms for schools to improve security by working with their peers to proactively defend up and down the vertical education chain.
A Collective Defense model creates a “community of defenders” who can collaborate in real time at network speed to combat threats. Imagine a school system with perhaps five IT staff; they could hardly be expected to successfully fend off criminal gangs with access to sophisticated tools that used to be the exclusive domain of nation-state actors. Now imagine if that school system established a collective defense architecture with 100 other schools; suddenly there are 500 people defending together, and the playing field is a bit more level.
In the education world, these collective defense partners can include schools, districts, state education systems, higher-ed institutions, and state and federal government agencies, all of whom can share anonymous threat intelligence with one another to provide real-time visibility of the threat landscape.
Existing security solutions—including those offered by IronNet, where I am Chief Information Officer—enable this anonymized intelligence to be generated by A.I.-powered network detection and response systems that leverage behavioral analytics, allowing schools, districts, and others within a community to coordinate proactive response efforts. This unified line of defense enhances the ability of those in the community to address vulnerabilities, respond to attacks, and mitigate their damage to strengthen the cybersecurity posture of the entire sector.
Taking this collective approach to cybersecurity is an important step that all IT leaders in the education sector should adopt—though it’s not a replacement for the many other precautions organizations should take to maximize their security, including developing incident response protocols for students and staff to follow, using multi-factor authentication, firewalls, and anti-malware to combat phishing, and enhancing data security measures to protect classified student records, which are generally high-value targets for ransomware actors.
We see multi-billion-dollar companies face data leaks and cyber attacks in the news all the time, yet we continue to leave small, rural school districts to defend themselves from attacks by threat actors operating at the nation-state level from within Russia, China, and other safe havens.
Threats are accelerating and becoming more pervasive, and it is critically important for education leaders to shift to a Collective Defense approach in this increasingly dangerous environment. This tactic, coupled with hyper-vigilance and ongoing cyber education, engagement, and training programs across the board, will help safeguard America’s schools, administrators, educators and students from cyberattacks.
George Lamont is Chief Information Officer at IronNet.