Why School Systems Have Become Major Targets for Cyberattackers

Why School Systems Have Become Major Targets for Cyberattackers

School systems have recently become major targets for cyberattacks because of the multitude of personal information they have paired with improper security protection.

School systems have recently become targets for cyberattacks, with hackers looking for ransom leverage or personal data to sell.

One district, the Houston County School District in Dothan, Ala., recently experienced a malware attack in which the hackers held hostage for a demanded ransom. The district has delayed their start date from Thursday, Aug. 1 to Monday, Aug. 5. Due to the attack, and according to the superintendent, the teachers’ computers may not be available for use by that Thursday.

In Louisiana, several school systems have experienced malware attacks, and the governor issued a statewide emergency declaration.

These institutions have become susceptible to cyberattacks in recent years because most times, they hold a plethora of private data and often don’t have the security in place to fend off the attacks. Many schools do not have an employee who is dedicated to cybersecurity, bringing additional stress onto the schools.

“Targeting schools for cyberattacks is not new, but what used to be viewed as a local problem – perhaps some smart kids hacking systems to change grades — has now become a lucrative business,” said Saurabh Sharma, the vice president of Virsec. “Ransomware attacks remain popular across multiple industries, but education is a particularly fat target. The combination of fairly sensitive data, aging systems, limited resources, lack of cybersecurity expertise, and relatively permissive policies make schools and universities low hanging fruit for hackers.”

Eva Vincze, a faculty member in the cybersecurity and police and security studies programs at George Washington University, said that it might take a while for schools to be able successful block hackers.

“Most school systems, especially in small communities, do not have the resources to keep up with each generation of threats that bad actors come up with,” Dr. Vincze said. She added that schools may put themselves at risk by having “the same mentality that is pervasive in the business sector: ‘It won’t happen to us.’”

Sharma said that the only way to stop these attacks, aside from outsmarting the hackers and catching up with their attacks, is to stop paying the ransoms.

“Ultimately, these attacks work because many organizations are willing to pay ransoms and increasingly insurance companies are footing the bill. It’s hard to tell a desperate victim not to pay a ransom to get back critical information, but as long as we’re willing to pay ransoms, these attacks will not stop."