Cincinnati Public Schools and other districts around the globe are the target of hundreds of thousands of hacking attempts almost daily. Cyber criminals see a COVID-forced remote learning environment as a vulnerability in internet security. As hackers scramble to get in, schools are looking for ways to keep them out.
Cincinnati Public Schools has been fortunate and hasn't had a successful attack yet, says Jeremy Gollihue, CPS' chief information officer.
"Everybody's really nervous," he says. "The overall landscape has changed. There definitely has been an uptick. The most common attack going on right now against K-12 are ransomware attacks."
That's when a hacker steals your data, encrypts it and makes you pay to get it back.
The internet security company Sonic Wall reports ransomware cases are up 40%. In addition, the amount demanded has increased from a few thousand in 2018 to an average of $230,000.
Baltimore County, Maryland, schools were hacked just before Thanksgiving, leaving seniors wondering how to get high school transcripts to colleges, among other things. At the time, school officials said they had cyber insurance but were in the process of figuring out what it covered.
Hackers shut down the first day of Toledo Public Schools online. In response, the district turned off its server and stopped emails when it detected the work of cyber criminals.
To combat such breaches, IBM is offering $500,000 grants to six school districts. Applications are due March 1. It also surveyed 1,000 educators and administrators and found the following:
• Need for training: Nearly 60% of educators and administrators say they aren't sure or haven't received new cybersecurity initiatives or training for remote learning, despite 78% of educators saying they're currently utilizing some type of online learning.
• Educator awareness: More than half have not received cybersecurity training and nearly 50% aren't familiar with video bombing, despite its popularity during the pandemic and nearly 1 in 5 saying one of their peers had experienced video conferencing-related security issues during class.
• Level of concern: Despite growing headlines about ransomware attacks on schools, half of educators and administrators aren't concerned about an attack against their own institutions.
• Security knowledge: While administrators are nearly 20% more likely to receive cybersecurity training than educators, they are still unaware of critical information relevant to protecting their schools. For example, 83% of administrators expressed confidence in their school's ability to handle a cyberattack, yet more than 60% are unaware whether their school even has a cyber insurance plan.
• Budget constraints: Over half of educators and administrators surveyed said budget is a large or medium barrier in strengthening their institution's cybersecurity posture.
For the school districts who apply for the IBM grant and don't win, the company's Christopher Scott offers the following advice to educators: "Focus on preparedness. Are you thinking about what would happen if something was done? Who would I contact from law enforcement? Do I reach out to the FBI? Am I collaborating with parents?"
Scott says, "We're all in this together. We're all here to make this a safe and secure environment."
The non-profit Consortium for School Networking has been tracking legislative efforts to get schools the money they need for cybersecurity, among other things. Twenty-seven states, Washington D.C. and the federal government introduced nearly 100 bills. Out of that 10 new laws were adopted.
Schools might want to start saving now. The global education technology market is expected to account for 5% of all education spending by 2025.
CPS has already spent hundreds of thousands of dollars on cybersecurity. "One of the next things we're looking at is some cloud-based security layers that allow us to control things even before they get to Cincinnati Public Schools," he says. "Just out on the World Wide Web we could see more of the attacks coming before they get here."
