School districts across California and the country are attempting to determine the best ways to lower the risk and safeguard their data and information technology as cyberattacks continue to target educational systems.
Authorities have implemented additional safeguards such as requiring double authentication for access to data, backup systems, and a shift to cyber insurance. State and federal governments are starting to take action to scrutinize threats in the meantime.
"A cybersecurity crisis will happen in a school system; the question is when." The regional director of the nonprofit K12 Security Information Exchange and cybersecurity expert Doug Levin stated, "It's only a matter of when. Those hazards need to be taken into account in the continuing administration and management of school systems."
San Luis Coastal Unified, which experienced a ransomware assault in May, is "really trying to double down now and do anything we can to guarantee that, if it does happen again, that we can make it as little and less disruptive as possible," said Ryan Pinkerton, the superintendent of business.
A notable recent instance was when Los Angeles Unified was attacked over the Labor Day holiday. After the district decided not to negotiate or pay a ransom on the advice of law enforcement, the crime syndicate that attacked it posted some of its data online.
Although LAUSD did not pay the ransom, some experts believe that other districts may have. According to Levin, districts do not always make this information available. That choice is influenced by the sensitivity of the compromised data and the time and money needed to retrieve lost data.
According to data from cybersecurity company Emsisoft, which keeps track of known occurrences, ransomware attacks have so far this year affected more than 60 school districts, colleges, and universities across the nation. At least 30 K–12 public school systems are included, but since districts are not compelled to record such occurrences, the situation may be considerably worse, according to Brett Callow, a security analyst for Emsisoft.
The education sector is predicted to experience fewer assaults in 2022 than the previous two years, in which each had more than 80 occurrences, but this year's ransomware attacks nevertheless show that hackers are still quite interested in the school industry.
Even though no school days were ever missed, Superintendent Tracey Quarne said that since then, recovery has been gradual. The outcome was that the district had to develop a new financial system as well as a second email system. He claimed that it had been frustrating.
Quarne refused to comment on if the Glenn County Office of Education paid a ransom or if any of its data had been made public after the breach, claiming that the situation was still being investigated.
This year, the criminal organization Vice Society, which appears to be based in Russia, has claimed responsibility for ten different attacks on the American educational system. As a result, the U.S. Cybersecurity and Infrastructure Security Agency issued a warning in September about Vice Society's disproportionate attacks on schools.
The Federal Communications Commission has been urged by educational institutions and school systems like LAUSD to permit the use of E-rate funds, which are intended to lower the cost of digital information services for libraries and schools, for cybersecurity.
The Department of Education's cybersecurity policies have not been updated since 2010, and the U.S. Government Accountability Office has advised that they be. These initiatives have not yet yielded any noticeable effects, nonetheless.