American Schools Find Themselves Doing Battle on the Cybersecurity Front

Posted by Tony Kontzer

Each new school year brings change. Children wear new clothes and fresh haircuts. Parents exchange their comparatively leisurely summer mornings for the chaotic before-school routines. New friendships are formed. Even traffic gets noticeably worse.

Now there's apparently a new tradition attached to the beginning of the school year: cyberattacks.

School districts all over the country, from Pennsylvania to Alabama to Arizona, were struggling with security breaches as the school year opened. It's a trend that has educators concerned and that parents will want to keep an eye on as well.

"School districts must adapt and take appropriate measures to protect themselves going forward," Charlie Sander, CEO of cloud security firm ManagedMethods, wrote in a recent piece for Information Security Buzz News.

Over the Labor Day weekend, the Souderton Area School District, located about 20 miles north of Philadelphia, was the victim of a ransomware attack that resulted in operational disruptions and some data being inaccessible. In the aftermath, the district was working with the Department of Homeland Security, FBI, Secret Service and a cybersecurity firm on remediation and returning its systems to normal operations.

But whereas Souderton schools remained open in the wake of the breach, other schools weren't so lucky. In New York's Orange County, the Monroe-Woodbury School District cancelled the first day of classes as it shored up its systems after successfully fending off a cyberattack. District officials had to restore data, but they credited an aggressive security program with preventing the attack from being much worse.

“We’ve been very, very proactive in making sure we have firewalls and security and software,” district Superintendent Elsie Rodriguez told a local CBS affiliate.

In Flagstaff, Ariz., schools were closed for the first two days of the school year while the district measured the impact of a ransomware attack and made sure that devices would be safe for students and faculty to use. District officials said the attack had infringed upon its ability to operate normally.

Across the country, in southeastern Alabama, the Houston County School District postponed the start of its school year in early August after a malware attack crippled its phone system and disrupted other systems. As of Sept. 10, the district was still working on restoring systems at three elementary schools and a middle school. District officials are now working with a security firm, ControlAltProtect, on options for securing data going forward.

It's worth noting that these are only the breaches we know about, and it's quite possible there are many more that will come to light later. Along those lines, another eastern Pennsylvania school district, in Bethlehem, alerted parents in August about a November 2018 breach of a third-party student assessment tool that resulted in the personal data of more than 2,000 students being stolen. The district, which found out about the breach in July, said the attack was a multi-state effort that affected 13,000 students in multiple states, and it maintains there was no evidence that any of the data had been misused.

And it's not just K-12 schools being affected. A malicious attack on Denver's Regis University this summer took out the school's phones, email and internet. On the plus side, Regis' cybersecurity faculty used the attack as a teaching moment for security students.

Meanwhile, some 50,000 students involved in university clubs all over Australia may have had their personal data compromised in an attack on Get, an app that enables university clubs and societies to facilitate payment for events and merchandise. Get said it was reviewing API calls to determine what data was accessed.

Clearly, schools are on the bad guys' radar. Hackers have increasingly targeted school districts as they've moved to the cloud in larger numbers, often before they've taken the steps to ensure they can extend their security measures to protect cloud-based data and systems.

In his piece for Information Security Buzz News, ManagedMethods' Sander suggested three approaches that would help school districts contend with this growing threat profile: focus on prevention, not mitigation; establish data loss prevention as a strategic priority; and minimize internal threats.

All of which are easier said than done, but given the carnage occurring on the educational cyber-front, they are steps that are clearly needed.

Tony Kontzer, RSA Conference
