Back to School...Back to Ransomware Attacks

It’s back to school time! And you know what that means: no, not just homework and new shoes. Today, we’re focusing on the now-annual but still alarming uptick in ransomware and cyberattacks in the education sector this time of year. While it may come as no surprise to those of us in IT operations, it’s still shocking to see graphs like this one from a recent Comparitech ransomware report:

[Figure: Comparitech school and college ransomware attacks chart. Source: Comparitech]

Technology in Education + Ransomware Attacks

As you can see, September generally accounts for a pretty hefty chunk of ransomware attacks. Attackers know that as schools get back into session (especially with COVID-19 still rearing its head), IT operations will be hectic. This presents them with a window of opportunity, so to speak.

For example, if we know that a school district has 5,000 students coming back onto campus at once, then it’s not too much of a leap to assume that their SysAdmins are a bit distracted. And a large university can go from virtually no connected devices to tens of thousands in one week, putting enormous pressure on IT teams.

IT Operations Challenges for Schools

In addition to the sheer quantity of end users and endpoints IT departments juggle this time of year, a major issue in the education sector has traditionally been understaffing. As reported recently in EdTech, IT staffing remains a pretty well-known problem, which attackers knowingly exploit through various means. Aside from malware, attackers may time their attacks for when staffing is minimal, or use social engineering on a taxed or newly hired IT employee.

If you add to that the fact that it takes education organizations an average of more than 180 days to patch Microsoft Windows 10 devices, attackers have access to plenty of critical vulnerabilities ripe for exploitation.

This combination of factors is why we see such an uptick in cyber attacks as classrooms fill back up.

An Added Challenge for IT Operations: Remote Learning

Obviously, a good patch management solution can help mitigate many vulnerabilities, but schools are being presented with new problems at a pretty rapid clip, as the past year or so has shown with the shift to remote and virtual learning.

If you think that remote learning has made an already tough challenge tougher, you’re right. Remote learning presents a number of extra difficulties for resource- and staffing-strapped schools that in turn can open the doors to cyberattacks. As verified in the Comparitech report, over 1,700 schools/colleges were attacked last year, costing $6.62 billion. That’s nearly $7 billion that can no longer be used to educate students or provide university scholarships.

Whether it be multiple types of devices in a bring your own device (BYOD) environment, or legacy devices on a network most would deem “out of date,” having remote users accessing your network can be pretty scary. Remote users in the education sector include both students and staff, and most SysAdmins report that staff and faculty are generally less knowledgeable about new technology than students.

So, what to do? Now, more than ever before, good cyber hygiene from all users, local or remote, should be at the front of every IT administrator’s mind.

Cybersecurity and Education - Best Practices for Schools

You always need a layered approach to cyber hygiene and cybersecurity, regardless of your organization’s size, industry, or age. Start by conducting an IT environment assessment so that you have an accurate picture of how many endpoints you are managing, which applications are being used, and which operating system (OS) is being run on each device.

In the education world, this can be particularly difficult, especially as BYOD has become a popular necessity over the last few years. When the resources are available, it’s best for a district or institution to provide owned devices to its faculty and students, so you can at least control configuration and security.

However, if you are managing BYOD environments, some best practices include things like:

  • Leveraging automated patch management across the various OSs in your environment (this is especially helpful for understaffed institutions)
  • Using a secure VPN for remote workers/learners to access network resources (a widely accepted security standard)
  • Using a secondary Domain Name System (DNS) provider to help filter content for devices that are outside of an IT administrator’s control

As a former teacher, a former SysAdmin, and a former network security dude, this just happens to be one of those areas I’m passionate about – and have a bunch of experience with. Those in the education sector can cross fingers and hope they don’t become the next unlucky victim of an attack, but the best strategy is to have good patch automation and a solid network perimeter!


