Imagine being a student watching your classmate present during YouTube live, and then all of a sudden, you hear someone interrupt your classmate’s presentation, to say your classmate’s name and then speak about how much he admires her. Then how about this? The intruder then says, “You cannot mute me because I am a HACKER!”. I have to admit; this particular scene played out in real-time in front of me during a class I attended this past April.
The Facilitator of the course, feeling comfortable to do so, inadvertently posted the class Zoom details to a live YouTube feed. The Facilitator was genuinely embarrassed and apologetic to my classmate and his students. I do not think he thought that we would experience an invasion like that ever. I mean, we were in class, and everyone there was trying to learn. These types of cyber attacks are becoming increasingly common, especially now during this Covid-era.
I recently read an article by The K-12 Cybersecurity Resource Center and The K12 Security Information Exchange (K12 SIX), which provide information regarding school-related cyber issues, and are dedicated to helping protect K-12 schools from cyber threats. It is worth mentioning that the U.S. public K-12 is a $760 billion sector managing and storing data for 50 million students. However, in some situations, IT system infrastructure is stored on-premise or shared with other districts, which increases the risk of protecting student and staff confidential information.
In 2020, K-12 saw a staggering increase in publicly disclosed cyber attacks. Examples of K-12 Cyber attacks include Denial of Service attacks, Phishing, and Ransomware, to name a few. With these cyber attacks, data retrieved by an adversary and, in most cases, sold. This situation then becomes detrimental to parents’ livelihood but more specifically to their children and School Staff. For example, children under 18 receive mail telling that tells them they have been denied credit, or sometimes the information the adversary has obtained is used to Bully children or School staff online. Also, the article spoke about that Wealthier, more prominent, and suburban school districts were more likely to have a reported breach, with Ransomware being an example of an attack method. The Ransomware attack is successful when an unsuspecting person opens an email which then activates the malicious software.
With remote learning being the norm, a secure and safe environment must be created for students and School Staff. School districts with student and School Staff data still on-premise should look for ways to encrypt data-in-rest and store it in locked storage. School districts can implement at least basic security awareness training and security hygiene practices to maintain a high level of security controls in place for all facets of their IT infrastructure.
If you are interested in learning more about K-12 Cyber incidents, feel free to visit k12cybersecure.com.