Keeping School Networks Safe from Attack

While every network is a potential target for cyber threats, K-12 school districts are especially under attack. We bore witness to one example recently while assisting a large Midwestern school district that utilizes Google Classroom (which requires Internet access for curriculum, instructional resources, homework, and testing). They were hit repeatedly with coordinated DDoS attacks that swamped their Internet service for nearly two days. Internal IT staff knew the attacks were happening, but couldn’t stop them until they engaged the help of Windstream Enterprise’s DDoS Mitigation service. The result?  Immediate detection and mitigation of the attacks and the elimination of downtime and potential losses from simultaneous data theft or ransomware attacks.

This school district was one of the lucky ones who acted swiftly. However, the network of K-12 school districts currently rank as top targets for three types of threats:

• Data theft. A recent Symantec survey found that schools incur a full ten percent of all information breaches, making them the third most breached sector. Cyber criminals go after school networks for the abundance of sensitive information they contain, from social security numbers to student health records.

• Ransomware attacks. BitSight Insights reports that 13 percent of educational institutions surveyed experienced ransomware attacks on their networks last year. That’s more than twice the attack rate for the healthcare industry, and eight times the rate for the financial sector.

• Cyber mischief. School districts increasingly are hit by distributed denial of service (DDoS) attacks, in which massive traffic overwhelms networks to shut down websites, phone systems, and Internet/application access. DDoS attacks are relatively easy to launch, and more than half of them directed at schools come internally from students.

Despite being top targets, most school districts have weak network defenses. A 2017 survey by the Consortium for School Networking found that just 15 percent of school technology leaders have a cybersecurity plan.

Making network security a priority for schools

A growing number of school districts have hardened their network defenses by adopting a managed network security solution. Managed security solutions typically deliver extensive, real-time protection against intrusion without requiring the school district to retain internal security expertise or divert general IT resources to challenging security matters.

Why do so many schools remain under-protected? Cost is often cited as the main reason. But as with most severe threats, a focus on preventing data theft, ransomware attacks, and DDoS attacks can prove far more cost-effective and prudent than dealing with them after they arrive.