Sponsored
Around 2013, the early pioneers of mass ransomware made a discovery that changed the trajectory of what has since become the nastiest and most successful industry in malware history.
With names like Reveton, CryptoLocker, and TorrentLocker, malware from this era landed on end-users’ PCs and servers, encrypted their files, and demanded an achievable ransom, usually between $200 and $300. But as more and more small organizations were caught in the same cluster attacks, criminals noticed how desperate many SMBs were to get their data and systems back immediately.
Ransomware, it seemed, not only hid data, but immobilized entire organizations, sometimes surprisingly large ones. It was a proverbial light-bulb moment. The criminals had invented a denial-of-commerce attack that was much more reliable than any old-fashioned DDoS. Once the malware industry had found its real calling, panic spread and ransoms began to rise.
Schools were no exception, often helpless against something as fast as ransomware. Looking back to 2021, two things stand out. The first is that, without realizing it, schools had come to rely on the digital world to the point that without computers and networks they could no longer function.
Second, the delivery of devices to students became the top priority for educational continuity during Covid-19. But that sometimes meant safety considerations had to take a back seat, with struggling school IT departments fighting fires on all fronts, usually with limited resources at their disposal.
Schools closed forever
In 2019, a UK National Cyber Security Centre (NCSC) verification found that 97 percent of the 432 schools surveyed admitted that losing access to their network would cause major disruption. Almost all, 83%, had experienced some type of security incident, with the main causes cited being fraudulent emails sent to staff, important data made unavailable, and infection with malware (including ransomware), in that order.
More than nine in ten schools said they had experienced significant disruption as a result of these attacks, with ransomware and other malware being mentioned in 30% of cases. Considering that 69% of them also mentioned phishing attacks – an important way for ransomware to get past school defenses – this is probably an underestimate of its true impact.
“What jumped out at me about the NCSC report was that less than half – 49% – of schools were confident they were properly prepared for a cyberattack,” says Shayla Rexrode, global Educational Solutions Architect at Lenovo. “I think this is indicative of the situation of a lot of schools in a lot of markets. Threats to schools have really proliferated over the past couple of years, and now they’re here to stay.”
In 2018, Lenovo launched ThinkShield, a suite of services designed to secure devices, the way users access them and, most importantly, the data they hold. Although offered to a wide range of businesses, Rexrode believes that layered security solutions such as ThinkShield are now an essential aid for an education industry in need of specialist advice.
“A fundamental question that people ask themselves is: why schools? Why would a cyber attacker want to attack a school? Students are unfortunately easy targets once their personal data is compromised, as their credit is typically not monitored as often as adults’, so their identity theft is less likely to be found and dealt with.”
Schools have seen a huge influx of technology over the past decade, primarily in devices such as laptops and Chromebooks, and in remote classroom assistance software used to administer digital learning. This has happened in every industry and, like every other industry, it has increased what the cybersecurity industry calls the attack surface.
“Since the start of the pandemic, continuity has been the priority. In many cases, safety was a secondary priority. Now, almost two years after the start of the pandemic, with devices already in place, a big change is happening and now security is being addressed with more urgency,” Rexrode said.
However, schools “generally do not have the staff to support this technology in terms of safety. Historically, money has not been available to purchase cybersecurity software or to add staff. It made schools easy targets.”
“Due to competing markets, I don’t think we’ll see an influx of IT staff into the school sector. But it’s not always the number of people you have; even school districts with larger IT departments can find themselves compromised,” she says.
Track the data
Following a long list of attacks on American schools in recent years, the UK has seen a sharp increase in reported incidents since the 2019 NCSC report. There is now a disheartening fatalism about reports of new incidents. In March 2021, 15 schools in Nottinghamshire had to close their systems after a ransomware attack, followed a few weeks later by an attack on 50 more in London that is said to have left 36,000 students without access to email.
In August, it was the turn of schools on the Isle of Wight. Two months earlier, the NCSC had warned schools of the threat posed by ransomware, highlighting the risk of VPN access, Remote Desktop Protocol (RDP) access and phishing. This highlights how similar to other businesses schools have become, including having the same mix of vulnerable hardware and software.
Ransomware attacks are generally seen as disrupting important services to make the extortion demand more convincing as a solution. It is understandable that educators focus on this, as any disruption in service hinders their ability to educate young people. And yet, there are much darker possibilities that the industry could further downplay.
Rexrode mentions the anecdote of a young person she heard of who applied for a college scholarship at the age of 17 but was turned down. It turned out that identity thieves had purchased financial products on behalf of this person, ruining their credit rating before they reached voting age.
“The school was able to show where several credit cards and two vehicles had been purchased in this person’s name. Her parents hadn’t thought about following the credit rating of someone so young. It is highly likely that this type of data can be used for some time before it is detected.”
Now that ransomware seems increasingly focused on stealing data while encrypting it, that is a game changer. From an attacker’s perspective, that makes sense. Youth data will be useful for longer, making the sale more lucrative. This is the problem that nobody trying to stop ransomware attacks likes to think about: hardware such as PCs can be physically restored after a malware attack, but once personal data has been stolen, it is gone forever and can never be un-stolen.
“Anywhere they can find data that can be used for identity theft, they will target.” It turns out that schools hold a store of useful identities that is constantly renewed, with decades ahead of them.
According to a recent NBC News article, an analysis by security firm Emsisoft detected data stolen from 1,200 American kindergarten through 12th grade (K-12) schools on dark web forums. All were disclosed in 2021 after ransomware attacks, with some schools contacted about it not even knowing it had been taken. It was based on US leaks, but there’s no reason to believe the same wouldn’t apply to similar data stolen from schools around the world.
Not just Chromebooks
A major issue for schools is choosing and integrating the range of products they need to secure the PCs, Chromebooks, and tablets used by students, teachers, and administrators. It’s a device challenge but also a software and data protection challenge.
As Rexrode describes, ThinkShield is a portfolio of layered security solutions offered by partners, including SentinelOne’s endpoint security platform, as well as device and asset tracking from Absolute, with remote encryption and erase capabilities to secure data stored on devices.
“We created ThinkShield to be very customizable and end-to-end. No matter what device the students try to use,” Rexrode explains. Schools can not only track the device if it is stolen, but they can also monitor its health, usage, and the need to update its software.
Lenovo laptops, Chromebooks, and education servers can be protected with a variety of security measures. These include mechanical privacy shutters for webcams, locked USB ports, physical and BIOS-level resource tagging, and the ThinkGuard screen privacy feature.
“Each school is different. Some may already be using Absolute and need something like SentinelOne. But we still ask a lot of questions about their devices and antivirus to better understand their needs.”
Rexrode offers some recommendations to help schools assess their IT infrastructure to reduce vulnerability. One of the first priorities of cybersecurity in school is to protect the devices themselves. An important foundation of this is having an accurate asset inventory that provides a complete picture of what needs to be tracked, protected, and remedied. The ability to track the location of a device is a particular issue in an environment where student laptops are often lost and misplaced. Absolute’s tracking service means a device can be immediately located and locked down.
However, she cautions, good cybersecurity is also about people and not just hardware. “Schools need to look at the awareness and protocols they have in place for students and teachers about the implications of a cyber attack. For example, how often do they take training sessions? Schools would be well served to create greater awareness and a sense of urgency around cyber attacks.”
Part of Lenovo’s consulting offering involves scanning each school’s infrastructure for security weaknesses as well as human vulnerabilities. In the event of an attack, Lenovo ThinkShield Cyber Security Solutions will provide remediation and recovery support services through its partners.
Rexrode believes that schools can cope with the growing complexity of cybersecurity by accessing services offered by third parties. “It’s not enough to make sure that children are physically safe when they enter a school. We also need to protect their data.”
Sponsored by Lenovo.