Cybersecurity Incidents Spike During the Pandemic
According to “The State of K-12 Cybersecurity: 2020 Year in Review” from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange, what happened at Monroe-Woodbury is becoming increasingly common. The 2020 calendar year saw a record-setting 408 publicly disclosed cybersecurity incidents. These attacks, which affected 377 school districts across 40 states, resulted in temporary school closures, millions of stolen taxpayer dollars and student data breaches linked to identity theft and credit card fraud.
Schools moving to remote and online learning environments in March 2020 only exacerbated the problem. With the rapid shift to remote learning putting more devices into students’ and teachers’ hands, a lack of cybersecurity training and plenty of enticing free apps to download, cracks in schools’ cybersecurity were almost inevitable.
IBM’s Education Ransomware Study, released in October 2020, surveyed 1,000 K–12 and college educators and 200 K–12 and college administrators. It found that “while administrators are 20 percent more likely to receive cybersecurity training than educators, they are still unaware of critical information relevant to protecting their schools.”
Pre-Emptive Protocols Lead to Faster Recovery
When Monroe-Woodbury faced down its cyberattackers in 2019, it was ready. Well before the attack, the district had established both internal protocols and a disaster recovery plan.
As soon as the IT team became aware of the attack, it notified Superintendent Elsie Rodriguez and the other assistant superintendents. Once Rodriguez informed the Monroe-Woodbury board of education of the situation, the communications team and the public relations specialist contacted all key stakeholders, including the business office, the district attorney and the insurance company.
Within an hour, the district had an incident response team working with Vyas to contain the attack, assess the damage and develop a mitigation plan. The attackers had just started targeting the servers when the storage area network was shut down, so there was nowhere to go to do more damage.