K12: School Cybersecurity is On The Rise? Schools Are Easy Targets For Hackers, Source: Wayne Levin, Director of K12 Information eXchange
Doug Levin, director of the K12 Security Information eXchange, said that federal efforts are a good start, but aren’t sufficient given the scale and severity of the attacks.
“We’re making the resources available, educating, bringing superintendents together to educate them about the threat,” says Anne Neuberger, deputy assistant to the president and deputy national security advisor for cyber and emerging technology.
She believes the White House doesn’t have the authority to require minimum school cybersecurity protocols like they can with rail, airports and pipelines.
“We need to move faster and with more conviction here. We think that we’re going to need a much more robust effort from the federal government to make progress on this issue,” he says. Tomorrow is too late.
Security protocols have been beefed up in Albuquerque. There’s ongoing training for all staff, including tests where the IT department sends out fake emails to see if staff click on them.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
The Real Reason School Cyber Attacks Are On The Rise? Schools Are Easy Targets for Hackers, Revisiting Marten’s Thoughts
He has become paranoid in the past few years. He did not think an email he received at the White House was real.
“I got the email and I went, ‘Oh, good one! This is a good one, right, I’m going to the White House!’ He remembered thinking that he was crazy. The email was reported to the IT department by him.
Elder wants everyone in the district to know that cyber safety is a top priority. Even though you have been hit by hackers, it doesn’t mean it won’t happen again.
Everyone in Atlanta had to change their passwords. The district also made cyber security training mandatory for all staff, so everyone had to learn to recognize possible phishing emails and other safe practices.
“Have you built this into your culture? The person can’t be the tech person. Every teacher, every school secretary, every student need to log into any district device.
“Those three things. If every district in the country did those things that don’t cost money … Marten says that they have a way to defend and protect their schools.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
Multifactor Authentication and Cyber-Security: The State of the Art in School District 1340-2122 and the Challenge to School Boards and Governments
Having complex passwords is the first thing to do. The second is multifactor authentication, which means users have to enter more than just a password (a code sent to their phone, a fingerprint scan, etc.) to log in to their account. And the third is keeping software up to date.
Callow, the cybersecurity expert, says even now many school districts don’t have basic prevention protocols in place. When budgets are tight, it’s hard for leaders to advocate for spending on cyber safety.
The district is trying to figure out what happened and how to get in touch with federal and state agencies. They needed the school board to sign off on hiring specialized cybersecurity contractors, and then they needed to bring those contractors on.
They think it’s proof that you failed. I do not think that we failed. I think this is a fact of life and you must be prepared to address it.
Scott Elder, the superintendent of Albuquerque, New Mexico, says cyber security is on the rise: School cyberattacks are easy targets for hackers
It’s not Johnny in his room trying to break in and change his grades anymore. We are a school district. We weren’t equipped to battle foreign nationals in a cyber war.
Elder says the FBI told him the attack on his district was carried out by hackers overseas. He says he was surprised by the “ferocity and sophistication” of the operation.
Elder, in Albuquerque says that his district was getting quotes for cyber insurance at the time of the attack. Their costs went up 300% after the attack.
Scott Elder has a pretty typical morning routine. He wakes up at 7 a.m. and feeds the dogs, using coffee as his main source of sustenance. But on Jan. 12, 2022, Elder’s routine was interrupted by a concerning phone call.
Elder is the superintendent of Albuquerque Public Schools in New Mexico, and the call came from his district’s IT department, saying they had found some sort of computer virus.
The student records system had a bug. So Elder’s IT staff shut that network down. But that meant teachers wouldn’t have access to basic information about the almost 70,000 students enrolled in New Mexico’s largest school district. In addition, they couldn’t take attendance, wouldn’t know the children’s bus routes and were locked out of grade systems.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
The Albuquerque Public Schools Shutdown After a Data Hacker’s Break: How a District of Elementary Schools Learns about School Data
I woke up and was mildly disturbed at 7 a.m., but by 9 a.m. I was very concerned and sick to my stomach, because we had a real problem.
According to Callow, they are often done by hackers outside of the U.S. They can involve ransomware, where hackers lock data up and demand payment to “unlock” it. They may make public data if districts don’t pay up.
These attacks can also involve “Zoombombing,” where someone intrudes on a video call, often with pornographic or hateful images; denial-of-service attacks, which prevent or slow the use of networks; and phishing, an attempt to access data through fraudulent emails.
He said students are more vulnerable when it comes to a data hack if their housing, custody, or free lunch information has been collected.
Albuquerque Public Schools were closed for two days after the attack. After a long holiday weekend, the schools reopened after they realized no financial or health data had been compromised, and the district’s backups were intact.
Schools are “low hanging fruit,” says Noelle Ellerson Ng with the School Superintendents Association, which represents 9,000 district leaders across the country. She says that schools are the most important employer in a community, and they collect a lot of data.
The Atlanta Public Schools Cybersecurity Attacks Are On The Rise? Schools are Easy Targets for Hackers, Aina tells L.T. Elder
“That makes it very, very ripe. There’s a huge vulnerability to the data because it’s sensitive, longitudinal and personal.
Elder said they would not come back until they knew it was safe for kids. I know that is frustrating. I know that you want a date, but I can’t tell you right now. “
When Olufemi Aina, the head of IT for Atlanta Public Schools, was told in 2017 that some staff hadn’t been paid, he started investigating. The employees who had clicked on the fraudulent emails had inadvertently given the hackers entry to their payroll details. Hackers went in, changed the bank details and employee salaries were rerouted.
Those firms can charge up to $500 an hour. We took laptops from all the people that were compromised. We took forensic data captures of all of their hard drives. It was a lot of effort and a lot of consulting time.
From there, the costs just piled up. They bought cyber insurance, paid for the security firm’s retainer and hired specialized staff.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
Student’s Identity: Cybersecurity Hackers Are Targeting a Surprising Group of People: Young Public School Students (via the Minneapolis Attack)
Spending on cyberspace would not be politically popular, he says. “And schools often don’t have the expertise to know where they should be directing their money either.”
Gravatt felt violated, both for her children and herself, as a result of the Minneapolis attack. As a former student of Minneapolis Public Schools, she had data in the system.
Minneapolis Public Schools did not make any officials available for an interview. More than 105,000 people may have been impacted by the attack, according to a written statement from the district.
“This breach was actually really huge,” Gravatt says. It wasn’t only school records. It was health records, it was all sorts of things that should be privileged information that are now just out there floating around for anybody to buy.”
“As it turns out, the identity information of children is actually more valuable to them than that of adults,” says Doug Levin, director of the K12 Security Information eXchange, a nonprofit that helps protect school districts from cybersecurity risks.
He says stealing a child’s identity may seem counterintuitive because they don’t have resources of their own, but it can cause “a lot of havoc.” Children’s bad credit can make it difficult for bad actors to open bank accounts, rack up debt and apply for loans in a child’s name.
Source: Hackers are targeting a surprising group of people: young public school students
Students are scared to be bullied: Cybersecurity hackers targeting a surprising group of people: Young public school students, an advocate for student privacy and security
The school system’s educators might be a little bit like pack rats. “And so there’s a lot, a lot of information that is collected over time, and it’s often not deleted when it’s no longer necessary.”
Advocates also point out that Black and brown students are especially vulnerable when a school system gets hacked. A report by the Department of Human Rights shows that black students in Minnesota are eight times more likely to be suspended than white students.
“So that also means that more of their information is being input into the system,” says Marika Pfefferkorn. She co-founded the Twin Cities Innovation Alliance to educate and empower parents about how data collected about their children could be misused.
Someone with a history of drug use should have their records wiped out, but they have now been made available to the public. That information could resurface in college applications, job interviews or in court hearings.
“For people who have specific issues like gender identity and immigration status, it is important that their information is not made public to the general public.”
Minneapolis Public Schools provided impacted individuals with free credit monitoring services for one year and guidance on how to protect against identity theft and fraud.
Families should place a fraud alert and freeze their credit file if they suspect they have been the victim of identity theft, as well as contact national consumer reporting agencies and the FTC, if they think they had been victims of identity theft.
Source: Hackers are targeting a surprising group of people: young public school students
Parenting through the storms: Rachael Flanery’s fears about cybersecurity and other things she didn’t know about
“It felt really, really overwhelming,” says Minneapolis parent Rachael Flanery. She thinks it’s unrealistic to believe parents have the time or capacity to do everything the school district suggested.
I was trying to be an idiot about it, right? If someone tells me that my child just bought a boat, and then I get a knock on my door, I’ll show him where he is. Hopefully it will be easy to get the charges reversed.
Her family has since moved to a different school district, but Flanery says the whole experience was scary. She’s been worried about her children’s physical safety as a parent. Now, cybersafety is another thing she’s worried about.
Celeste Gravatt is worried as well. She locked her kids’ credit so that no one could open accounts in their names. She’s especially worried that one of her kid’s health information will be made public. She still feels anxious when she thinks about it.
I am not a tech savvy person. So I do wonder, like, if somebody were to obtain information that they shouldn’t have, would I even know till it was too late? I don’t know.”
