From large universities to small grade schools, educational institutions are all too often targets of cyberattacks and ransomware. The pandemic has left schools reallocating budgets to support a mobile workforce and eLearning, leaving little cybersecurity and IT personnel funding.
Having more mobile endpoints and edge devices leaves educational institutions vulnerable to data loss and cyberattacks. The total number of attacks is unknown because many go unreported. Some recent examples include:
- An attack on a software provider, Finalsite, affected 4,500 school websites, causing some institutions to close temporarily.
- Visalia Unified School District’s ransomware attack in California impacted the entire district’s IT systems.
- The University of California, San Francisco’s medical school, paid a ransom of $1.14 million to unlock sensitive data encrypted by the hackers.
- Sierra College, a community college in Northern California, saw its attack take down several college IT systems, its website, and other online systems, causing outages during finals week.
- The attack on Butler County Community College in Pennsylvania also forced the school to close while they remedied the situation.
- In Illinois, Lewis and Clark Community College had to close due to an attack since students couldn’t access their email, Blackboard, laptops, or other platforms requiring a college login.
Hackers sometimes widen their net and not just target a single school or district. For example, in March 2021, the FBI issued an advisory Flash warning of an increase in PYSA ransomware targeting education institutions in 12 US states. “PYSA, also known as Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. The unidentified cyber actors have specifically targeted higher education, K-12 schools, and seminaries. These actors use PYSA to exfiltrate data from victims prior to encrypting victim’s systems to use as leverage in eliciting ransom payments.”
The advisory continues to state, “PYSA typically gains unauthorized access to victim networks by compromising Remote Desktop Protocol (RDP) credentials and/or through phishing emails. The cyber actors use Advanced Port Scanner and Advanced IP Scanner1 to conduct network reconnaissance, and proceed to install open source tools, such as PowerShell Empire2, Koadic3, and Mimikatz4. The cyber actors execute commands to deactivate antivirus capabilities on the victim network prior to deploying the ransomware.”
There is a rise in what’s called ransomware double extortion. First, the cybercriminals encrypt the school’s data and demand a ransom. If the ransom isn’t paid, the culprit leaks the data to the dark web, hence the double extortion. The stolen data usually contains sensitive personnel and student data– personally identifiable information (PII) that institutions are regulated to keep safe. But that’s not all the data these bad actors are after. They frequently target valuable research data, too.
Why Target Community Colleges?
Cybercriminals target community colleges around the US for many reasons, including the fact many have cybersecurity insurance as part of their insurance portfolio. However, with more community colleges targeted, cybersecurity insurance is becoming more difficult and costly to obtain. As enrollment declines, institutions are left financially troubled, lack IT resources, and don’t possess the latest cyber defenses. These factors combine to make community colleges an appealing target for bad actors.
Cybercriminals are savvy, timing their cyberattacks around school holidays when the bad actors know IT staffing is limited, with many on vacation.
Why Community Colleges Are Important to the Economy
Community colleges provide many vocational programs as well as graduates in the healthcare and IT fields. Since funding for these two-year colleges is based on enrollment, there’s a direct correlation between financial support and resources. With fewer students, there are fewer resources. With fewer resources, colleges are forced to cut back, thus becoming less attractive to students, causing a drop in enrollment—and the downward trend continues.
One of the largest higher education systems in the country is the California Community Colleges (CCC). According to the governor’s budget, the CCC serves one out of every four of the nation’s community college students, about 1.8 million students.
Lending a Financial Hand for Cybersecurity
California Governor’s 2022-2023 proposed budget provides $100 million in cybersecurity assistance for CCC. Proposition 98 General Fund allocates $25 million ongoing, and $75 million in one-time funding for CCC to upgrade its cybersecurity.
Per California’s Legislative Analyst’s Office, “Colleges are largely responsible for their cybersecurity. The state subjects most state agencies, including the CCC Chancellor’s Office, to cybersecurity standards developed by the California Department of Technology (CDT) and federal government. In addition, CDT and the California Military Department (and, in some cases, third party vendors) conduct audits to bolster state agencies’ compliance with cybersecurity standards. In contrast, the state does not require community colleges to follow specific standards, and community colleges are not routinely subject to oversight or audits of their cybersecurity programs and processes. As locally governed entities, community colleges also make their own decisions about budgeting for technology and data security, including setting their associated staffing levels and deciding how much to spend on hardware and software purchases. Colleges typically use apportionments (general‑purpose monies) to fund cybersecurity costs.”
Source: Legislative Analyst’s Office
Protecting Educational Institutions with Certified Cyber Protection
A school may feel cybersecurity is too costly or partnering with a Managed Service Provider (MSP) isn’t necessary. However, if the school falls victim to a ransomware attack, the costs can amass upwards of six figures. Educational institutions can mitigate their competing priorities faster by working with the right MSP. In addition, MSPs help schools keep pace with the latest tools and best practices for security audits, data protection, vulnerability management, and security awareness training.
Acronis SCS partners with top MSPs to provide a full suite of robust, certified and compliant data backup, protection, and cybersecurity solutions designed to fulfill the public sector’s unique requirements. Acronis SCS Cyber Protect Cloud takes a multilayered approach to block ransomware and other cyberthreats while supporting recovery. Our solution is FIPS 140-2 validated and CJIS compliant, which helps keep your data secure from cyberthreats while remaining accessible to those who need it. It is also HIPAA compliant to guarantee the highest levels of data confidentiality and integrity standards.