It seems that no organization is safe from cyberattacks these days – even school districts. In September, two school districts in Los Angeles and Michigan were victimized by ransomware attacks that closed schools for several days. Unfortunately, these are not isolated incidents as school districts around the country increasingly find themselves the target of malicious intent — there were 1,681 cyberattacks on schools in 2021, according to this report.
School districts have a target on their backs
Maybe we shouldn’t be surprised. School districts are a treasure trove of personally identifiable information (PII). Students, teachers, administrators, employees – even parents – are required to give up personal information to school districts for enrollment and employment purposes. This data is spread across distributed networks over multiple campuses and is increasingly accessed by a growing number of endpoints. Remote learning, in particular, expanded threat surfaces as students logged in to learning platforms from home – and each personally managed desktop, laptop, tablet, and phone can act as a vulnerable access point into the network. Making things worse is the fact that school districts often have small IT budgets with few security resources, making it extremely difficult to harden this expanding perimeter. Unfortunately, threat actors are becoming increasingly aware of the potential of school districts as viable targets for malicious activity.
Existing security solutions are failing
While security for school districts hasn’t changed all that much over the past few years, threat tactics have been rapidly evolving to take advantage of expanding attack surfaces. By leveraging Highly Evasive Adaptive Threats (HEAT) that prey on the shortcomings of traditional security solutions, threat actors are able to easily gain initial access to the network and take control over critical systems and data. These traditional detection-based security tools fail to stop HEAT attacks because they can detect malicious activity only after it’s already on the network. By then, given that today’s attacks operate at near real time, it’s safe to assume that the network is compromised.
School districts need to carefully reevaluate their security solution
It’s clear that school districts around the country need to rethink their cybersecurity strategy to better protect students, teachers, and employees, but gaps in knowledge, resources, and budgets make a wholesale rip and replace untenable. Here are five things school districts should know when looking for a security provider.
1. Understand that you are at risk
The first step in solving the problem is recognizing it. As soon as you accept that your existing security solutions aren’t enough to stop modern threats, you can take the steps to harden your security posture. That often requires a frank discussion with district administrators and the people who make these important decisions. The right security provider should be able to help you initiate these conversations and uplevel the security discussion.
2. Understand where you are vulnerable
The next thing you need to do is work with your security provider to better understand where you are vulnerable. This begins with a security assessment that sets a baseline for your security posture, identifies where you want to go, and sets a viable plan for achieving your security goals in a manageable and enforceable way. Important questions to consider include: How do students, teachers, and faculty access network resources? Are they protected no matter where they log in? What is your cloud exposure? Do you have a way to authenticate users?
3. Incorporate prevention AND detection
Detection isn’t inherently bad. It’s just incomplete. School districts need to layer protection on top of their existing detect-and-respond security strategy, using advanced technology such as email and web isolation to protect users. This allows districts to evolve away from a network-centric approach to cybersecurity and toward a user-based strategy. Isolation technology takes a proactive approach to threats, preventing them before they ever happen by assuming all traffic is malicious and executing it in the cloud, not on the endpoint. This makes it easier for school districts to build their security strategy around the NIST framework of identify, protect, detect, respond, and recover. The right security solution provider can provide both prevention and detection capabilities.
4. Add a security layer on top of the existing security stack
It’s just not viable to rip out existing security infrastructure and start over. Schools are in session now. Data is stored on vulnerable endpoints now. Malicious actors are not going to wait until you have a new system in place. Layering protection on top of your existing security stack gives you a security blanket that allows you to explore further investments and make changes in a deliberate, phased approach that doesn’t leave you vulnerable. Be wary of any security vendor that wants to completely replace your security stack all at once. Choose a solution that will allow you to add to your existing security posture.
5. Understand the impact of security on the user
Even the best security strategies are dependent on the user. Asking someone to change how they work or access the Internet breeds frustration and leads to workarounds. You simply can’t shut off whole sections of the Internet, especially given how critical exploration and free access to information are to education. Your new security strategy needs to be transparent to the user and preserve the native browsing experience. No configuration necessary. No performance degradation. No limits on what users can and cannot access. Look for a security provider that understands that the Internet needs to work like the Internet – just in a safer manner.
It’s time to find a better security provider
School districts need to rethink how they protect users from malicious actors. This requires understanding where they’re vulnerable and how they can protect users without impacting the way they access learning resources. Most important, however, is finding a security provider that can help you close the security gaps created by outdated security solutions and put you on the path to stopping cyberattacks before they are able to access your network.