Strengthening Cybersecurity in the Vulnerable Educational System

School systems may not immediately come to mind as targets for cybersecurity attacks. However, threat actors have increasingly turned their attention to them, recognizing that the extensive digital infrastructure supporting schools contains a wealth of sensitive information that can be stolen or exploited for financial gain.

It was reported earlier this year that hackers stole private data of over 700,000 current and former Chicago Public Schools (CPS) students in a ransomware attack, subsequently posting it on the Dark Web. Exploiting a vulnerability in a technology vendor’s software that CPS was using to share data, hackers accessed a server and compromised information from the district and over 60 other organizations nationwide. The stolen data included students’ names, birth dates, genders, and CPS student ID numbers.

There was also the PowerSchool breach that is currently on track to become one of the biggest breaches of the year. The company stated that hackers used compromised credentials to breach its customer support portal, further allowing access to the company’s school information system, which houses sensitive information such as student records, grades, attendance, and enrollment.

Teachers, administrators, students, and even parents/guardians urgently need to reduce the likelihood of a cyberattack, no matter the time of year. With the right tools, skills, and awareness, school districts can strengthen their cybersecurity posture and remain well-protected from the evolving threat landscape.

Much like the business sector, the education system has integrated digital infrastructure to support day-to-day activities and administrative duties. Students rely on computers to complete and submit assignments, teachers use them to manage their students’ progress, and administrators depend on them for communication, analytics, and record-keeping. This reliance on technology has resulted in school districts accumulating a massive reserve of personal and sensitive information, including phone numbers, email addresses, social security numbers, and even medical records and credit card information—all of which can be exploited by threat actors.

Many high-ranking members within the education system fail to realize what a treasure trove the data within their systems could turn out to be to a cybercriminal. As a result, many school districts lack the necessary cybersecurity infrastructure, training programs, and general awareness to stay protected against attacks. This vulnerability has led threat actors to target schools, hoping to exploit under-protected systems and easily hijack valuable data.

School districts with inadequate cybersecurity measures and training programs are much more vulnerable to sophisticated network attacks or software exploits. However, the lack of cyber defense training among both students and staff poses an even greater risk for successful social engineering or phishing exploits. As a result, attacks are easier to execute, allowing threat actors to hijack private credentials or attach viruses, malware, or ransomware to seemingly innocent communications.

While summer vacation is approaching and the semester will be coming to a close soon, it is imperative that school districts integrate a new wave of cybersecurity operations into their systems to avoid these issues as they could arise at any time. Simultaneously, threat actors are likely to target school infrastructure and unsuspecting users in hopes of an easy payday. With this in mind, schools should take proactive steps to safeguard against cyber threats, both through robust cybersecurity infrastructure and comprehensive, ongoing school-wide training.

First, school districts must implement fundamental cybersecurity measures as a baseline level of protection. This includes next-gen, AI-powered email security solutions, advanced threat detection and response, endpoint security, patch management, as well as strong passwords backed with multi-factor authentication (MFA). Phishing resistant MFA is also highly useful for all official school accounts.

Secondly, school districts must ensure that all private and sensitive information is securely backed up with immutable storage. In the event of a breach or a ransomware attack, or if systems become compromised, districts can be reassured that stored data isn’t lost. Properly storing data also prevents threat actors from extorting school districts, as they have access to backed-up data even if the original versions are rendered inaccessible.

Lastly, it is critical to foster a student body and administration that is knowledgeable about cybersecurity best practices. Through regular training and thorough awareness programs, school districts can create a “human firewall” that significantly reduces the likelihood of a successful attack.

To build an effective human firewall, school districts can adopt the ‘mindset-skillset-toolset’ triad:

Mindset – Raise awareness among students and staff about growing cyber threats
Skillset – Combine awareness training with simulations for workers and students
Toolset – Incorporate tools that support secure behavior by employees and students

This approach should be applied holistically, but it’s important to note that specific demographics require tailored approaches to training. Key differences to consider include:

Students, teachers, and administrators use devices and accounts for specific purposes, with some handling more sensitive information than others.
Faculty and administrators, who regularly use school devices, likely have the most up-to-date software and protection from private Wi-Fi and Ethernet connections. However, their contact information is often publicly available on school websites, making them particularly high-risk targets.
Parents and guardians are less likely to use school devices but should be educated about cyber risks to help their children understand potential dangers and serve as a resource if suspicious activity occurs.
School districts need to implement age-appropriate training that teachers and parents/guardians can ensure is closely followed both in class and at home, with the sophistication of training gradually increasing for older age groups.

School systems may be at a higher risk of cyber attacks than ever before, but they are not powerless to prevent threat actors from disrupting their activities. By implementing robust security infrastructure, fostering awareness, and providing regular training, school systems can ensure that their students and staff are prepared to mitigate any potential cyber threats at any point throughout the school year.

Daniel Blank, COO at Hornetsecurity

Daniel Blank has over 15 years of experience selling complex IT products, and 13 years of various managerial positions in the cloud security environment. Daniel joined Hornetsecurity in 2010 as Key Account Manager, quickly becoming Director of Sales, and finally assuming the role of COO in 2014. Today, Daniel is responsible for Sales, Presales/ Education, and Human Resources at Hornetsecurity.