Ransomware, Critical Infrastructure Security

K-12 schools lack resources, remaining top target for cyberattacks

A yellow school bus is parked by a school in Los Angeles.

The K-12 sector remains a top target for cyberattacks despite its security capabilities improving over time, according to a new report published Monday by the Center for Internet Security.

The report noted that the education sector's cyber maturity lags behind other sectors due to limited internal resources for defense against threat actors, with nearly a fifth of K-12 schools spending less than 1% of their IT budget on cybersecurity. It also found that K-12 schools lack cybersecurity strategies, with 81% not fully implementing multi-factor authentication (MFA) and 29% not using MFA at all.

"Many K-12 school districts are data-rich and resource-poor, making them attractive targets for financially motivated cyber threat actors, and relatively easy targets for hacktivists, those who break into a computer system for politically- or socially-motivated purposes, determined to grow their reputations and name recognition," the report read.

While the study found 83% of schools have cyber insurance, Karen Sorady, vice president for member engagement at the Multi-State Information Sharing and Analysis Center (MS-ISAC), said that more can be done.

“Cyber liability insurance is one tool that can help schools recover in the event of a cyberattack. However, it is not always affordable, particularly for smaller schools, and it will not stop an attack from happening. Therefore, it is also as important for schools to adopt cybersecurity basics, such as CIS Controls, to prevent successful attacks,” Sorady told SC Media.

The report comes two weeks after the Cybersecurity and Infrastructure Security Agency (CISA) hosted a national summit on K-12 school safety and security to address the complex threats facing the education sector.

Jen Easterly, director of CISA, said during the event that ransomware is one of the most impactful and persistent threats targeting the K-12 schools and districts, which aligned with the CIS report. In response to increasingly frequent ransomware attacks, CISA recently launched an information channel to share ransomware-related resources.

Besides ransomware threats, the report found that Shalyer and CoinMiner were two top malicious malware targeting K-12 entities over the past year. Shayler targets Apple macOS devices, functioning as a dropper for other macOS malware whose purpose is to spam victims with online ads, while CoinMiner, applies Windows Management Instrumentation to mine for coins.

According to Easterly, those threat actors are not "discriminatory" and target schools regardless of their locations and sizes.

"Impacts have ranged from restricted access to the network, delayed exams, canceled school days, to unauthorized access to personal information regarding students and staff," Easterly said. "[Those attacks] start at the core of the school's financial security ability to provide a safe, secure, and protected place for staff and students, and the ability to carry out the fundamental educational mission."

CISA has worked with the Department of Homeland Security to provide guidance and tools related to school safety and security.

The CIS report recommends that K-12 schools claim no-cost membership and join MS-ISAC to connect with peer organizations and collaborate with security professionals.

Menghan Xiao

Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.