May 13 2021

Protecting K-12 Data from Cyberattacks

With ransomware continuing to threaten K–12 education, the need to protect data — no matter where it’s stored — cannot be overstated.

It’s impossible to put a value on the data K–12 districts collect and store, so it’s important to treat it as an asset and defend it with the protection it deserves.

Whether stored on-premises, in the cloud or with a hybrid strategy, data is always vulnerable to attack. Cybercriminals are revising their attack techniques as quickly as new security tools are being developed, and reports show that K–12 educational institutions have been a primary target for these bad actors.

Peter Gerr and Jim Shook of Dell Technologies spoke at this year’s Dell Technologies World about the prevalence of cybercrime, citing recent high-profile ransomware attacks.

One case Shook mentioned involved “an extremely sophisticated attack where a nation-state worked into a software product and planted some malware. As that product was deployed, it was just leaping onto the good software, and they were evading all of the cybersecurity controls that that organization had in place to block them. They were in the front door before anybody knew.”

In another example, he mentioned a healthcare organization that also was taken down by ransomware. “As part of their obligations for being a public reporting company, they had to talk about material adverse events, and so they revealed that they lost about $67 million to the ransomware attack,” he said.

According to Shook, ransomware attacks are becoming more frequent and more expensive. “Last year, we had a cyber ransomware attack about every 39 seconds, and this year it’s every 11,” he said. “Most of the breaches are financially motivated, and the cost per organization has almost doubled, from $13 million last year to just under $25 million this year. Across all industries, that number’s skyrocketing from $1 to $6 trillion.”

Additionally, schools must consider the incalculable cost of keeping students safe. Districts keep information such as students’ names, birthdays and Social Security numbers on file, so they are guarding student data against more than just financial loss and should be ready at all times with a robust cybersecurity plan.

A Resilient Cyber Security Strategy Includes Defense and Recovery

Shook stressed the need for cyber resilience as a part of any organization’s IT strategy.

“When we talk about cyber resilience, we’re really talking about a high-level, holistic strategy that incorporates cybersecurity standards, guidelines and best practices across the organization,” he said.

Gerr added, “Cyber resilience is really about being confident in your organization’s ability to recover from a disruptive event, cyberattack or other ransomware or malware attack.”

“What’s important to understand about cyber recovery is that it’s a component of a larger cyber resilience strategy, one that’s really focused on isolating critical data away from the attack surface, the operational air gap, and making sure that that critical data is stored immutably in a hardened vault, which will enable recovery post-attack,” Shook said.

A school’s larger cyber resilience strategy must include plans to recover lost or stolen data. A plan that doesn’t cover what to do in a worst-case scenario isn’t comprehensive and doesn’t prepare the district’s key players for an attack.

Cyber Recovery Should Include These Key Components

According to Shook, any good cyber recovery solution should include three main components.

“The first is isolation,” he said. “This means both physical, via maybe a locked room on-premises in a data center or off-premises in a cloud-based vault. It also means logical isolation, isolating the data and the management paths, isolating the command and control access separating the cyber recovery vault from the attack surface, from production and from backup environments.”

The second component is immutability. “Dell defines immutability as both hardware and/or software working together with additional controls that ensure the original integrity and availability of the data in the vault is preserved,” Shook explained.

The final component is intelligence. A good cyber recovery solution should apply “innovative and comprehensive tools, like machine learning and AI, within the security of the cyber recovery vault to identify potential cyberthreats and help identify whether data in the vault is recoverable,” he said.

These three components should work together to provide security for all of an organization’s data and to offer the best possible chance of recovering that data in the event of an attack, Shook said.
