On March 7th, 2021, the Broward County Public School System, the sixth-largest K-12 district in the United States, emailed parents notifying them that "an internet outage" would disrupt online learning for 271,517 students enrolled in 327 different schools. By March 27th, 2021, the truth of what had occurred to disrupt learning came to light. Databreaches.net was the first organization to detail that the Broward Public School System had been rocked by a ransomware attack requesting a $40 million fee to secure district data and prevent it from being compromised in a data breach. Due to school administrators choosing not to pay the ransom fee demanded, over 26,000 sensitive records were leaked and published online. That allowed hackers worldwide to gain access to sensitive information relating to student health, educational progress, addresses, telephone numbers, and many other types of records. It is essential to note that the official recommendation of the United States Federal Bureau of Investigation (FBI) regarding countering ransomware attacks is not paying out ransoms because doing so does not guarantee that a criminal organization will follow through and not leak sensitive data online. Rather than being an outlier, this incident is more representative of the new normal American school districts are facing in recent years. Data breaches are a national emergency that every K-12 parent, educator, and administrator needs to take seriously, given the dramatic uptick in cyber-attacks against schools that have been analyzed extensively by leading cybersecurity research organizations in recent years. Data breaches targeting schools are a particularly heinous type of crime because of the immense dangers they pose to students, teachers, administrators, families, and the vital educational resources K-12 schools need to survive and thrive. In 2021, the global cost of data breaches has been projected to reach as high as $6 trillion. This amount is especially staggering when put in the context that the average data breach costs roughly $3.86 million to address and takes up to 280 days to contain, according to leading research conducted by IBM. K-12 school systems in the United States are heavily burdened because of the ongoing effects of the 2020 coronavirus, subsequent lockdowns, and immense digital transformation initiatives that have come about, placing online and remote learning at the center of many district's current strategies for offering educational instruction. Data breaches affecting schools victimize nearly every type of stakeholder connected to communities. That alone should be a dramatic wake-up call and rallying point for parents, teachers, students, and administrators. This article outlines the massive national security threat data breaches are posing against schools and provides parents with the insight they need to ensure their school district is doing everything in its power to reduce vulnerabilities and promote greater cybersecurity.
K-12 Cybersecurity is a Matter of National Security that Every Parent Should Be Concerned About
Guilderland Central School District sits just outside Albany, New York, and serves roughly 4,882 K-12 students annually. On April 22nd, 2021, district parents received notification of a ransomware attack, and subsequent data breach had exposed student, teacher, and administrative records online, and the fallout was quite immediate. Within days, parents reported a wide variety of fraudulent and other types of criminal activity being initiated, utilizing the records leaked online in the data breach. For some families, this meant that personal data and records of kindergarten students had been used to secure car loans and open up lines of credit in foreign countries. For other families, this meant that human traffickers and sexual predators now knew exactly where their children lived, what their medical status was, as well as when they might be at school or engaged with other extracurricular activities. This data breach also meant that hackers could now gain access to their children's digital devices to spy on them or attempt to commit additional crimes against them at a future date. Like Broward County Public Schools, Baltimore County Public Schools, Springfield County Public Schools, and Fairfax County Public Schools, families quickly learned that it is much more challenging to time-consuming to respond to a data breach after it has occurred. Instead, they should ensure the latest cybersecurity initiatives are already in place to prevent a breach from occurring in the first place. These are painful and challenging lessons that parents, teachers, students, administrators, and communities learn firsthand across the United States. Data breaches and other types of cyberattacks against K-12 schools are increasing for a variety of different reasons. Cyber threat actors can benefit from seizing the data schools have to profit in various ways, none of which are likely to align with the mission, values, security concerns, and educational objectives most families cherish. Data breaches have created a national emergency, and it's time for our nation to respond with more sensible local, state, and federal policies for reducing cybercrime. It is simply unacceptable to sit back and watch as more innocent young people are victimized by criminals from both within and outside the United States. The time has come for parents to demand that school districts take concrete steps towards reducing cybersecurity risks by initiating modern cyber defense practices. They must also take the time to teach parents, teachers, students, and administrators about cyber resilience best practices.
It's Time to Take Action to Protect Our Nation's K-12 Schools
Gradient is the most trusted cybersecurity organization tasked with safeguarding American public schools. We offer a comprehensive array of tools allowing K-12 school districts to increase their cyber resilience by having a more transparent overview of the scope and impact of current digital security challenges. Our information security expert researchers extend the knowledge base of K-12 school systems and ensure that best practices are being followed to protect students and communities from the encroachment of cybercrime. We take topics of cyber exploitation against schools seriously and are here to offer the expertise your school district needs to ensure safety. Reach out today and let us help protect your students.