Back-to-school time is in full swing and imagine if the only threat that schools faced would be running out of tissues during sniffle season? Unfortunately, that isn’t the case. A cyberattack warning from the FBI, CISA, and MS-ISAC has been issued indicating that cybersecurity “attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks.” A recent attack on the Los Angeles school district deployed malware over Labor Day weekend. The attack was followed up with government-issued announcements that included the warning of an increased threat.
Limited funding goes beyond having enough school supplies. There are constraints on the cybersecurity resources and staffing capabilities as well. This makes a cyber attack much easier if there aren’t people and policies in place to respond quickly. Additionally, the acquisition of sensitive data, like that of school-aged children, is lucrative to hackers. They may gain access not only to the students but to parent information as well. Often, and to avoid further damage, the district may respond quickly.
Despite falling under the Department of Homeland Security’s definition of critical infrastructure, educational facilities are at risk. If you are an employee at a school district, or an MSP that provides support services to one, being proactive is key. Being reactive should be part of your process but should not be your solution!