Why Our Schools Are Under Increasing Threat of Cyberattack

Posted September 15, 2020

Over the past few weeks, we have reported how ransomware attacks on corporate America were increasing as attackers go “big game” hunting targeting the likes of Tesla and Garmin. Now as our kids start a new school year with varying levels of distance learning, school districts across the country are being hit by a wave of ransomware attacks. Hartford CT, Mitchell County NC, Haywood County NC, University of Utah, Ponca City Public Schools in Oklahoma and Somerset Berkley Regional High School in MA are a few of the schools and districts that have been recently attacked. A report published in April of this year by Armor, found that 94 school districts and colleges had publicly reported a ransomware attack and those attacks potentially impacted 1,150 schools nationwide in just the first three months of 2020.

Just as our risk of cybercrime increases as we move more of our daily lives online, our nation’s schools are seeing increasing cyber threats as education is pushed online. The software and technology required to enable distance learning is also introducing new potential threat vulnerabilities to our schools.

On the surface, it seems obvious why attackers would target large corporations with deep financial resources as an easy ransom target. But finding the reasons to target a school is a little more complex. Schools generally can’t quickly and easily payout a million-dollar ransom but there are other motivations for hackers to target schools.

Personally Identifiable Information (PII)

For identity thieves, PII has value regardless of its source and school IT systems can be a wealth of PII on both students and parents. Experian defines PII as:

Personally Identifiable Information (PII) is any piece of information meant to identify a specific individual. This often includes data such as a Social Security number, driver’s license number, financial accounts, email addresses, login credentials and passwords, addresses, phone numbers, and birth date.

This information is your unique identifier, singling you out among billions of others. PII connects you to every facet of your life: to the credit scores that allows you to purchase a home, the DMV so you can drive, and to your doctor’s office and your medical records.

The PII data stolen from schools have immediate value on the dark web as seen in the estimates below provided by Experian.

System Resources

Schools and school districts can be relatively easy targets considering the amount of IT resources available and general lack of sophisticated security. Hackers often use IT resources from a previous attack to provide scale in subsequent attacks. In a Botnet attack, the hackers take over thousands or tens of thousands of computers to brute force their way into other systems or scour the web for the next victim. Schools can be a relatively easy target as attackers build out their server and network resources.

Boredom and Fame

Unfortunately, the tools required to perform these attacks are within easy reach for even the unsophisticated attacker. It is easier than ever for kids to engage in these attacks. The motivation for the young among us to engage in cybercrime can perhaps be for no other reason than boredom or to simply see if they can. Evidence of this can be found in the recent arrest of a 16-year-old accused of bringing down the Miami Dade County public schools. The teen is being charged with Computer Use in an Attempt to Defraud — a third-degree felony. His reasoning for the crime and level of understanding of the severity of the crime has yet to be determined.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.