The Wall Street Journal has documented nearly three dozen ransomware attacks against school districts since the pandemic began in March. In July alone, school districts in New Mexico, Nevada, Louisiana, Oklahoma, Alabama, Connecticut, and New York fell victim to cyberattacks. Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations.
HR Technology News: Technology and Workforce Organizations Unite to Pathway More Women, Women of Color and Women Returning To The Workforce Into Tech Jobs
According to Microsoft’s Global Threat Activity tracker, 61% (nearly 4.8 million) of malware encounters reported within the past 30 days also took aim at the education sector, making it the most affected industry. The business and professional services sector came in second, with just under 1 million incidents.
Earlier this year, the Federal Bureau of Investigation issued a security alert about the threat of ransomware to schools. Many public institutions, including hospitals, local governments, and colleges, have been hit with ransomware attacks this year, but school districts make for an especially tempting target due to their often thinly staffed technology departments and networks full of personal data.
HR Technology News: TecHRseries Interview with Blair Young, Senior Director of Product, MindManager
“Cybercriminals are preparing to attack with malware, ransomware, phishing schemes, and denial-of-service attacks,” says Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams. “The more devices connected to an educational institution’s network, the more data is generated, and, therefore, the more tempting the attack. This may lead to devices being infected, putting networks and students’ personal data at risk of exposure.”
The consequences of successful attacks can be devastating. In September, hackers published students’ grades, employees’ Social Security numbers, and other sensitive data from the 320,000-student Clark County School District in Las Vegas when a ransom wasn’t paid. A DDoS attack in Ohio’s Toledo Public Schools in October resulted in the exposure of students’ and employees’ Social Security numbers, data about students’ disability, employee evaluations, and exam grades.
HR Technology News: Remote Collaboration: Common Challenges and Solutions