There have been 301 attacks against UK and US schools so far in 2019, compared to 124 in 2018 and 218 in 2017.
That’s according to Barracuda analysis of data compiled by the K-12 Cybersecurity Resource Center (K-12 CRC), which has been tracking reported attacks against U.S. schools since 2016.
This only accounts for the reported cases, however, and Barracuda says it’s highly likely that additional cases exist that went either unreported or even undetected, especially as stealthier malware that seeks to steal information, participate in botnets, or mine cryptocurrency is on the rise.
The National Cyber Security Centre (NCSC) recently published a report compiling cybersecurity-related findings from 430 schools across the UK. It found that 83% had experienced at least one cybersecurity incident, even though 98% of the schools had antivirus solutions and 99% had some sort of firewall protection.
Using a single source of open threat intelligence data and a list of all known websites belonging to U.S. and UK schools, Barracuda researchers found 234 unique malware samples that attempted to connect to school domain names.
It also found 123 IPs associated with the same set of schools that had negative reputation, which could point to additional malicious activity, in addition to disrupting activity at the school due to emails and web pages being blocked.
Among the highlighted threats are:-
Cyberattacks Against Schools — The most common threats targeting schools are data breaches (31%), malware (23%), phishing (13%), network or school infrastructure hacks(10%), and denial-of-service attacks (4%), based analysis of the 708 incidents reported to the K-12 Cybersecurity Resource Center since 2016. The remainder of the incidents were made up of accidental disclosure of data (16%) and other incidents (3%).
Barracuda says many school districts only have one or two IT personnel to service the district, let alone any dedicated cybersecurity staff. Plus, the steady increase in school-issued devices in recent years drastically expands the attack surface along with the number of systems that need to be secured.
This, it says, makes schools largely a target of opportunity as well as subject to the massive campaigns spreading scams and malware indiscriminately. Lowered security postures due to budget constraints, combined with a large user base of minors who don’t have the critical-thinking skills to properly assess potential attacks, makes both types of attacks more effective, unfortunately.
How schools can protect against the threat
Barracuda says the only way for schools to truly protect against cyberattacks is a complete security portfolio including perimeter security, internal network security, incident response capabilities, and a knowledgeable security staff to configure these solutions and handle incidents:-
1. Perimeter security
Perimeter security generally consists of network firewalls, web filters, email protection, and application firewalls. While affordable and easy-to-configure solutions are available, obtaining the budget for a full security portfolio can prove difficult for many school districts, and without all areas covered, attack vectors will undoubtedly still exist.
2. Internal network security
While internal security such as intrusion detection, data backup, and anti-malware solutions are important for catching any breaches in perimeter security, the additional risk of insider threats that schools face make these measures even more critical. While Windows Defender offers decent anti-malware protection these days, upgrading existing machines to Windows 10 to take advantage of this feature can be costly and is often overlooked by many organisations. Regardless of the software being used, though, keeping up with security patches is critical because it helps patch exploits that can potentially be leveraged by attackers.
3. Incident response capabilities
In the event of an incident, intrusion detection and incident response solutions both assist in discovering incidents and helping security staff isolate and remediate them. Data backup as part of internal network security can also assist during an incident if data is corrupted, encrypted, or deleted.
4. Knowledgeable staff
Maintaining a capable IT security staff is challenging for many school districts because IT staffing needs often compete with other much needed positions, such as additional teachers to keep up with enrollment rates. Without this staff, though, it can be difficult to patch systems and respond to potential incidents or even properly configure security solutions to maximise their benefit.