Apr 01 2021

Q&A: Renee Tarun on How to Prevent Ransomware Attacks

Fortinet’s deputy CISO discusses the threat of ransomware for K–12 schools and shares her thoughts on best practices for prevention.

First, the good news: In 2020, despite the shift to remote learning, the number of reported ransomware attacks on K–12 schools decreased by 20 percent compared with the previous year. The bad news? Individual attacks were more severe, and the FBI has reported a recent surge in attacks, which it predicts will continue through 2021.

The danger that ransomware poses to school districts goes beyond the threat of cancelled classes or compromised and disabled networks. Having identified ransomware attacks as a growth industry, hackers are not only getting better at stealing sensitive data, they’re also demanding more money from their victims, according to the K12 Security Information Exchange (K12 SIX), a nonprofit dedicated to K–12 cybercrime prevention.

Hoping to better understand how ransomware attacks are perpetrated — and eager to hear how they can be prevented — EdTech spoke with Renee Tarun, deputy CISO and vice president of information security at Fortinet. Tarun, who previously worked for the National Security Agency, didn’t mince words. While K–12 leaders and their school communities are indeed prime targets for ransomware attacks, Tarun says there’s plenty that can be done to lower the risk of attack.

EDTECH: K12 SIX documented 50 publicly disclosed ransomware attacks on U.S. schools in 2020. How do these attacks take place?

TARUN: Around 50 percent of all ransomware attacks start with social engineering, and the primary way that works is through email phishing. You click on a malicious link, and the next thing you know, your data has been encrypted and the cybercriminal is demanding a ransom.

What we’re seeing now is the bad actors getting better at convincing victims to pay up. One tactic they’re exploiting is exfiltrating the data before they encrypt it. Then they can say, “If you don’t give us this ransom, we’re going to expose your data to the world.” They’re also threatening to corrupt the data, and they’re even going after data backup solutions and trying to corrupt those as well.

EDTECH: During one two-month stretch last year, more than half of all reported ransomware attacks were against K–12 schools. What makes districts so susceptible to ransomware?

TARUN: One reason is their security solutions often aren’t where they need to be, but they’re also more vulnerable because of distance learning. With everyone spending so much time online and connecting to their school networks from home, cybercriminals are exploiting any avenue they can.

EDTECH: What kind of information about schools and students can be accessed when these attacks are successful?

TARUN: School districts hold an abundance of personal data. Student records, phone numbers and addresses, social security numbers — this is all valuable information. And especially when you consider the fact that most kids don’t have credit established, it can be very lucrative for a cybercriminal to sell or use that data for their own gain. It might be years before anyone realizes a child’s identity has been compromised.

EDTECH: Let’s talk about prevention. What can districts do to prevent ransomware attacks?

TARUN: Your first and best line of defense is your users, so start with security awareness training. Everyone should know how to identify phishing emails and know not to click on dangerous links. Beyond that, make sure you have tested, password-protected backups that are stored offline, and do regular updating and patching of your critical systems. You should also have web application firewalls in front of your learning management system and anything else that’s externally facing.

Network firewalls are important as well, and you should leverage things like network segmentation to separate internet-facing applications from back office applications. And to help prevent email phishing, you should have anti-malware and anti-spam capabilities.

Finally, be sure you have a cybersecurity incident response plan — a guide that outlines the steps to manage incidents such as a ransomware attack. This plan should identify members of an incident response team and describe their roles and responsibilities. You may want to include people from HR, legal and other departments beyond your IT and security teams.

EDTECH: How can Fortinet’s solutions help schools if leaders are concerned they might be the next target of an attack?

TARUN: We don’t do data backups and recoveries, but we do offer cybersecurity training and a number of tools focused on protection. Our free training is offered through the Fortinet Network Security Expert Training Institute, which has one of the largest and broadest cybersecurity training programs in the industry. We have phishing prevention with our email gateway security technology, FortiMail; and we have FortiSandbox, which basically takes malicious files and detonates them before the user accidentally launches them in the environment. Other solutions include our web application firewall, FortiWAF; FortiEDR, for endpoint detection and response to guard against malware; and FortiToken, which prevents credential theft with multifactor authentication.

To tie all those products together, we have a cybersecurity platform called Fortinet Security Fabric. The nice thing about that is it’s backed by FortiGuard Labs, our threat intelligence solution. It helps schools be proactive about attacks, not just react after something bad has already happened.
