K-12 Cybersecurity in 2023: Ransomware, AI, and Increased Threats

(Image credit: Pixabay)

Well into 2023, it is disheartening to know that K-12 institutions continue to be one of the primary targets of cybersecurity attacks. Cyberattacks such as DDoS, phishing, data breaches, password attacks, man-in-middle attack, and malware on school districts have resulted in monetary losses, the need for additional recovery resources, and loss of instruction time.

While all types of cyberattacks are increasing in districts, for the first time, ransomware incidents were the most frequently disclosed incident type in 2022, with percentages rising from 12% in 2020 to 62% in 2022, according to the Emsisoft 2022 report. School districts hit by ransomware in 2022 represented 1,981 schools, almost double the number of K-12 schools potentially compromised in 2021. In addition, ransomware groups successfully exfiltrated data from U.S. schools at a rate of two-thirds in 2022, up from half that number in 2021. 

“We must ensure that our K-12 schools are better prepared to confront a complex threat environment,” says Jen Easterly, Director of CISA, the U.S. Cybersecurity and Infrastructure Security Agency, which is partnering with K-12 to bolster security. “As K-12 institutions employ technology to make education more accessible and effective, malicious cyber actors are working to exploit vulnerabilities in these systems, threatening our nation’s ability to educate our children.” 

Ransomware Attacks on the Rise 

Ransomware has the potential to access and exploit the sensitive data in K-12 institutions, including student records and other personally identifiable information, financial aid and transaction data, and healthcare information. As such, districts are continually at high risk. For example, bad actors recently released health records for about 2,000 current and former LAUSD students, publishing it on the dark web. 

With the increase in classroom technology and personal digital data, district leaders and IT professionals need to acknowledge that ransomware will continue to be an evolving cybersecurity threat. It is typically seen as easy big money for many bad actors, as they understand that districts are more willing to pay a ransom than undertake a long recovery process with educational and administrative consequences. 

Currently, many districts don’t have significant resources or budgets focused on cybersecurity, with an estimated less than 2% of operating budget allocated for staffing, training, and software. The State of EdTech District Leadership 2022 highlights that more than half of the IT professionals (52%) said their schools lack adequate staffing to support and protect teachers, while 77% of districts reported not having a full-time employee dedicated to network security. 

In addition, often unintentional, and non-malicious human errors are the top reason for school cyber attacks. Focusing on daily operations, staff and teachers are too quick to respond to phishing attempts, suspicious links, and unsecured access networks. With easily hacked passwords, unsecured devices, and software available with one click, accessing user data is an easy lift for hackers.

Cybersecurity Help and Resources 

Cybersecurity will keep edtech leaders up at night; however, many resources and organizations support the work done in school districts through educational programs, policies and initiatives, and training. Two organizations committed to cybersecurity and education are CoSN and the National Cryptologic Foundation

As a premier membership organization designed to meet the needs of K-12 education technology leaders, CoSN supports cybersecurity initiatives in many school districts. At the federal level, they are campaigning along with other organizations for FCC to expand E-rate eligibility for basic firewalls to include all current firewalls and related features without requiring cost allocations. 

CoSN recently released the Blaschke Report, a cybersecurity primer for any K-12 school district. This report identifies five actions a school system IT staff might take to defend IT infrastructure better, including: 

  • Training
  • Technical expertise 
  • Network security 
  • Sustainability plans 
  • Leadership buy-in and funding 

Keith Krueger, CEO of CoSN, recommends that along with the actions in the report, K-12 organizations take a district-wide approach to cybersecurity by focusing on user education, increasing internal human capacity, and understanding what is at risk regarding cyberattacks. 

The National Cryptologic Foundation focuses on a community approach to reach youth with vital cybersecurity concepts and tools. They provide the education community various resources including cybersecurity curriculum guidelines and the Outsmart Cybersecurity Collection, which guides students to build their foundation of data care principles and practices. Also available are interactive cybersecurity games and podcasts that provide expert advice. They also partner with Teach Cyber to offer pathways for students to explore careers in cybersecurity. 

“You don’t have to have a background in cybersecurity to teach our youth and provide future opportunities in the cybersecurity space,” says Dr. Alisha Jordan, Director of Education for the National Cryptologic Foundation. She recommends that any educator interested in learning more should sign up for an account and newsletter on their website.

What’s Ahead in Cybersecurity 

With the avenues of attack growing, districts cannot rely on outdated methods to stay secure. The 2022 CiSA report recommends that districts explore several strategies to  meet the increased demands of the cyber risk landscape, including: 

  • Making all employees part of the district’s security defense
  • Keeping patches up-to-date  
  • Restricting unnecessary access 
  • Implementing multi-factor authentication 
  • Following industry best practices 

Educators also need to stay abreast of cybersecurity trends. For example, cybercriminal gangs and sophisticated advanced persistent threat (APT) groups are actively recruiting AI and ML specialists who design malware that can evade current-generation threat-detection systems. While developing these AI capabilities is a lengthy process,  they already can facilitate easy and undetectable network access with malware-free intrusions and valid credentials.

In addition, cyber criminals have tapped into the highly popular ChatGPT AI to refine malware, personalize phishing emails, and finely tune computations to steal highly sought access credentials.

On the plus side, we are seeing some noteworthy cybersecurity developments. Leading cybersecurity vendors such as AWS, Google, and Microsoft are prioritizing investment in AI and ML research and development in response to increasingly complex threats. 

AI may also be a game changer for districts against cyber attacks, with its potential to help build automated security systems, support natural language processing, refine face detection, and be a part of predictive threat- detection systems. 

While not a substitute for committed experienced IT personnel, robust infrastructures, and knowledgeable users, AI technology will soon be able to help districts fight the good fight in regard to cybersecurity.