In looking at IPS detections, FortiGuard Labs researchers also found that education saw higher levels of activity regardless of the exploit in question. This continues a trend from 2020, which saw a record-setting 408 publicly disclosed cybersecurity incidents in the K–12 sector, according to The State of K-12 Cybersecurity: 2020 Year in Review, published by the K-12 Cybersecurity Resource Center. The attacks affected 377 school districts in 40 states and cost millions of dollars to remediate.
Thankfully, although the risks are real and growing, there are ways to combat these attacks. The shift to remote learning left many districts and schools vulnerable as the threat landscape became larger and more complicated. But district IT teams don’t need to feel alone in this situation.
How Can Schools Prepare for Cyberattacks Now?
For schools already grappling with numerous challenges related to the pandemic, many IT systems likely remain underfunded. But cybersecurity isn’t something that can be ignored.
Prevention is always key, and users are the first and best line of defense. It’s important to implement security awareness training as an immediate first step. All faculty and staff members should be able to spot phishing emails and know not to click on dangerous links.
DIVE DEEPER: What should K–12 leaders know about whaling attacks?
Anti-spam and anti-malware capabilities are another preventive security to combat phishing. Software-defined WAN will also play a major role in both evolving and securing networks as the edge expands. Real-time endpoint protection, detection, and automated response solutions will be vital to secure environments along with a zero-trust approach to access.
Network firewalls are another important security component, combined with network segmentation to separate internet-facing applications from back-office applications. Web application firewalls should be placed in front of learning management systems and anything else that’s externally facing.
In addition, make sure to create, test and maintain a cybersecurity incident response plan that outlines the steps to take during incidents such as a ransomware attack.
How Can Schools Prepare for Future Cybersecurity Threats?
As school districts around the country enter a new school year already fraught with pandemic concerns, cyber risks are ever present. Even with classes taking place in person, the danger still exists. In response, the U.S. Senate recently passed the K-12 Cybersecurity Act, which would direct the Cybersecurity and Infrastructure Security Agency to conduct a comprehensive study of the cybersecurity risks schools face and develop recommendations and resources for schools.
Bad actors also know that schools are chronically underfunded and their IT departments are frequently understaffed. Not to mention that these teams are often working with legacy systems and heterogenous infrastructure.
READ MORE: K–12 leaders must prepare to retire outdated tech.
These factors don’t mean the education sector is helpless. Educating network users, implementing key technologies and putting an incident response plan in place will all help to defend schools against cyberthreats today and into the future.