RALEIGH, N.C. (WNCN) – COVID-19 isn’t the only virus to worry about at schools and universities. Cyberattacks planting ransomware viruses into school computer systems are a growing concern. Some security experts estimate it happens, on average, twice a day.
The non-profit K-12 Security Information Exchange believes many schools never publicly report cyberattack incidents, meaning the number of two a day is probably much higher.
Colonial Pipeline’s ransomware attack back in May gained lots of attention, but it wasn’t unique.
“There are hundreds that happen behind the scenes that don’t get reported on,” said cybersecurity expert Steve Cobb of One Source.
Educational computer systems are a rich target for bad actors, partly because, in many cases, they’re so poorly protected.
“Many school educational systems don’t have a budget line item for cybersecurity, so attackers see those opportunities to take advantage and exploit them for their own gains,” Cobb said.
That gain is cash. Cash to remove the ransomware — cash for the material stored in those educational databases like birthdays and social security numbers.
“A lot of times, the people who may be minors in that educational system, or even in a higher education system, don’t understand the credit world and how valuable that information is to a threat actor,” Cobb said.
For example, it can be years before parents of a K-12 student ever realize their child’s identity has been stolen and used illegally.
Social engineering using phishing scams to get someone to give up a password is the primary way educational systems get breached.
Cobb said it’s a good idea for municipalities and schools to train people on how to avoid these phishing attacks. Precautions include:
- Annual cyber threat training
- Live fake phishing attempt exercises to reinforce training
- Use of multi-factor authentication
Multi-factor authentication is when you go to a website, put your password in, and then the website sends a code to your phone. Before you can continue, you must put that code into the system.
With educational cyberattacks becoming more sophisticated, it’s also important that school systems, especially at the elementary level, make sure they have full-time staff dedicated to nothing but cyber security.