Tomorrow’s School Cyberattacks Are On The Rise? Schools are Easy Targets for Hackers, Source: Anne Neuberger, National Security Advisor to the 2023 White House Cyber Security Conference

The White House convened a cybersecurity conference for some school leaders in August 2023, in which it connected schools with free resources. The FCC is currently reviewing public comments on a proposal that would provide up to $200 million to strengthen cyber defenses in schools.

Anne Neuberger is the deputy assistant to the president and deputy national security advisor of cyber and emerging technology.

She says the White House doesn’t have the authority to require minimum school cybersecurity protocols, like they can with rail, airports and pipelines.

We need to move more quickly and with more conviction. We think that we’re going to need a much more robust effort from the federal government to make progress on this issue,” he says. Tomorrow is too late.

In Albuquerque, Elder’s district has beefed up security. There’s ongoing training for all staff, which includes tests where the IT department sends out fake emails to see if staff click on them.

Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers

Why is school cyberattacks on the rise? Why does school cyber security hackers are easy targets for hackers? — Comment on Marten, a Harvard student at the White House

He says he has become paranoid in the past few years. He was invited to a cybersecurity summit at the White House, but didn’t believe that the email was authentic.

“I got the email and I went, ‘Oh, good one! This is a good one, right, I’m going to the White House!’ He remembers thinking that was crazy. The email was reported to the IT department by him.

Elder is trying to get everyone in the district to be on top of cyber safety. It doesn’t mean that you cannot be hit again if you have been hit once by a hacker, according to him.

Atlanta made everyone change their passwords to make them more complex. The district also made cyber security training mandatory for all staff, so everyone had to learn to recognize possible phishing emails and other safe practices.

“Have you built this into your culture? The person has to be the tech person. It’s got to be every teacher, every school secretary, every student that logs into any district device.”

“Those three things. If every district in the country did those things that don’t cost money … “We would have a way to protect our schools,” says Marten.

Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers

What Happened to a School District in 2022: Cyber Warfare and Prevention Techniques for the Era of School District Cyber Security

The first step is to have complex passwords. The second is multifactor authentication, which means users have to enter more than just a password (a code sent to their phone, a fingerprint scan, etc.) to log in to their account. Software is kept up to date.

Callow, the cybersecurity expert, says even now many school districts don’t have basic prevention protocols in place. The case for spending on cyber safety is not very convincing when the budgets are already tight.

While it’s hard to know exactly how many K-12 school systems have been targeted by hackers, an analysis by the cyber security firm Emsisoft estimates that 45 school districts were attacked in 2022. In the years after that, Emsisoft found a number of more than 100.

“They think it shows that you failed somehow. I don’t think that we failed. I think this is now a fact of life, and you better be prepared to address it.”

“It’s not Johnny in his room trying to break in and change his grades anymore,” Elder says ruefully. “And we’re a school district. We didn’t have the equipment to go to a cyber war with foreigners.

The FBI told Elder that the attack was done by hackers overseas. He says he was surprised by the “ferocity and sophistication” of the operation.

Elder, in Albuquerque, says his district was in the middle of getting quotes for cyber insurance when the attack happened. The costs went up 300% after the attack.

Scott Elder’s phone call on Jan. 12, 2022 triggered a computer virus in his school district’s student records system — a real problem solved

Scott Elder has a pretty typical morning routine. He wakes up at 7 a.m. and drinks coffee and feeds the dogs. But on Jan. 12, 2022, Elder’s routine was interrupted by a concerning phone call.

Elder was told by his district’s IT department that they had discovered a computer virus.

The bug was in the student records system. The network was shut down by Elder’s IT staff. But that meant teachers wouldn’t have access to basic information about the almost 70,000 students enrolled in New Mexico’s largest school district. The teachers weren’t allowed to take attendance, wouldn’t know kids’ bus routes, and were locked out of the grade systems.

I went from mildly disturbed at 7 a.m. to very worried by 9 a.m. and then sick to my stomach by noon because I began to realize that we had a real problem.

According to experts like Callow, these are attacks carried out by outside the U.S. They have the ability to include Ransomware, in which hackers lock data up and demand payment to “unlock” it. If districts don’t pay up, they may make the data public.

These attacks can also involve “Zoombombing,” where someone intrudes on a video call, often with pornographic or hateful images; denial-of-service attacks, which prevent or slow the use of networks; and phishing, an attempt to access data through fraudulent emails.

The more information a student has, the more vulnerable they are when a data breach occurs.

Albuquerque Public Schools are a easy target for hackers: One reason school cyber attacks are on the rise? Schools are easy targets for hackers

Albuquerque Public Schools closed for two days because of the attack. Staff and outside contractors worked through a long holiday weekend, and schools reopened six days later, once they realized no financial or health information had been compromised, and the district’s backup systems were intact.

“The schools are low hanging fruit, which is why it’s important that leaders from districts around the country get together to see what can be done to improve them,” says Ngong. She says that schools are often the community’s biggest employer and collect lots of data.

That makes it very, very ripe. There’s a huge vulnerability, as the data is so sensitive and so longitudinal and so personal.

Elder said that they wouldn’t return until they knew it was safe for children. ‘And I know that’s frustrating I know you would like a date but I cannot tell you right now. “

Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers

What happened when a student in Minneapolis had been compromised by phishing emails? Aina and Levin explain the case of the Minneapolis attack

When Olufemi Aina, the head of IT for Atlanta Public Schools, was told in 2017 that some staff hadn’t been paid, he started investigating. He learned that employees who had clicked on phishing emails a couple of weeks back had unwittingly given hackers entry to their payroll details. Hackers went in, changed the bank details and employee salaries were rerouted.

Some of the firms charge hundreds of dollars an hour. We took laptops from all the people that were compromised. We took forensic data from their hard drives. It was just a lot of man hours and a lot of effort and a lot of consulting time.”

The costs increased from there. They paid for security, cyber insurance, software, and specialized staff.

“Spending on cybersecurity wouldn’t necessarily be politically popular,” he says. Schools don’t have the expertise to know where to put their money.

Gravatt calls the Minneapolis attack “an extreme breach of privacy,” and says she felt violated, both for her children and also for herself. As a former Minneapolis Public Schools student, she also had data in the system.

Minneapolis Public Schools did not make any officials available for an interview. More than ten thousand people may have been impacted by the attack, the district said in a statement.

“This breach was actually really huge,” Gravatt says. “And it wasn’t just school records. It was health records and other stuff that should be privileged information and now it’s floating around for anyone to buy.

“As it turns out, the identity information of children is actually more valuable to them than that of adults,” says Doug Levin, director of the K12 Security Information eXchange, a nonprofit that helps protect school districts from cybersecurity risks.

He says that it may seemcounterintuitive because they don’t have their own resources, but that can cause a lot of havoc. Parents don’t necessarily monitor their children’s credit and bad actors can easily open up bank accounts, rack up debt and apply for loans in a child’s name.

Student’s Credit Monitoring Services: Cybersecurity Hackers Target a Surprising Group of People: Students: Public Schools, Twin Cities Innovation Alliance, and the Minneapolis Public Schools

“School systems’ educators can be a little bit like pack rats,” Levin explains. “And so there’s a lot, a lot of information that is collected over time, and it’s often not deleted when it’s no longer necessary.”

Black and brown students are more likely to become vulnerable when a school system is hacked. Black students in Minnesota are eight times more likely than white students to be suspended or expelled, according to a report from the Minnesota Department of Human Rights.

Marika says that more of their information is being input into the system. She co-founded the Twin Cities Innovation Alliance to educate and empower parents about how data collected about their children could be misused.

Say a student has a history of drug use that’s been successfully overcome; or they have disciplinary records that should have been expunged, but are now publicly available. That information could resurface in college applications, job interviews or in court hearings.

If some of this information became public at a particular time and place, it could potentially be life threatening, as the public is now very much divided about issues like gender identity and immigration status.

The Minneapolis Public Schools gave affected people free credit monitoring services and guidance on how to protect themselves fromidentity theft and fraud.

The guidance included a number of steps that families could take, such as getting a fraud alert on one’s credit file and contacting the FTC and their state attorney general if they think they have been victims of identity theft.

Source: Hackers are targeting a surprising group of people: young public school students

“Getting a boat”: Parent Rachael Flanery tells her daughter: “It feels overwhelming” when she hears about a new school district

“It felt really, really overwhelming,” says Minneapolis parent Rachael Flanery. She thinks it’s not realistic to think that parents have the time or capacity to do everything the district suggests.

“I tried to just kind of be an ostrich about it, right? I put my head back in the sand and thought about if someone knocked on my door and told me my child just bought a boat, I’d show him where he was! And hopefully it won’t be hard to get the charges reversed.”

Her family moved to a new school district, and she says the whole experience was frightening. She has always worried about the safety of her children. She’s worried about cybersafety as well.

Parent Celeste Gravatt is also concerned. She locked her kids’ credit so that no one could open accounts in their names. She’s worried about her child’s health information being made public. She still feels anxious when she thinks about it.

“I’m not what I would call a tech savvy person. I don’t know if I would know till it was too late if a person were to get information that they shouldn’t have. I’m not sure.