Young public school students are being targeted by hackers
K12 Security Information eXchange: One reason school cyberattacks are on the rise? Schools were easy targets for hackers, source: Anne Neuberger
The director of the K12 Security Information eXchange, says that the federal efforts are a good start, but they are not enough for the scale and severity of the attacks.
Anne Neuberger is the deputy assistant to the president and the deputy national security advisor for cyber and emerging technology.
She says the White House doesn’t have the authority to require minimum school cybersecurity protocols, like they can with rail, airports and pipelines.
We have to move more quickly and with more conviction. We think that we’re going to need a much more robust effort from the federal government to make progress on this issue,” he says. “Tomorrow is too late.”
New Mexico’s Elder’s district has beefed up security. There’s ongoing training for all staff, including tests where the IT department sends out fake emails to see if staff click on them.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
Why schools are easy targets for hackers? Reflections of Atlanta District Superintendent Marten Elder on Cyber Security and Cybersecurity: Why school cyberattacks are on the rise?
He says that he’s become paranoid in the past few years. He was invited to a cybersecurity summit at the White House, but didn’t believe that the email was authentic.
“I got the email and I went, ‘Oh, good one! This is a great one, I’m going to the White House! ” he recalls thinking incredulously. He reported it to the IT department.
Elder is trying to get everyone to understand the importance of cyber safety in the district. He says that even though you’ve been hit by hackers, it doesn’t mean it can’t happen again.
Atlanta wanted everyone to change their passwords so they were more complex. The district also made cyber security training mandatory for all staff, so everyone had to learn to recognize possible phishing emails and other safe practices.
Do you have something in your culture? It needs to be more than just the tech person. It’s got to be every teacher, every school secretary, every student that logs into any district device.”
“Those three things. If every district in the country did those things that don’t cost money … we [would] have a way to defend and protect our schools,” Marten says.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
Why School Districts are Facing Cyberattacks? How Do Schools Cope? A Security Expert Explains the Case for Cyber Security Efforts
The first step is to have complex passwords. The second is multifactor authentication, which means users have to enter more than just a password (a code sent to their phone, a fingerprint scan, etc.) to log in to their account. And the third is keeping software up to date.
Callow, the cybersecurity expert, says even now many school districts don’t have basic prevention protocols in place. But it’s hard for leaders to make the case for spending on cybersafety when education budgets are already tight.
School systems of every size have been hit by cyberattacks, from urban districts like Los Angeles and Atlanta, to rural districts in Pennsylvania and Illinois. And the problem has been growing.
“They think it shows that you failed somehow. I don’t think that we failed. This is a fact of life for me, and you need to be prepared to address it.
School District Cyber Security Hackers are Easy Targets for Hackers: Scott Elder, Scott, and the Federal Bureau, after a Communications Security Attack
Johnny isn’t trying to break in and change his grades in his room. We are a school district. We were not able to go to cyber war with foreigners that were well funded.
Elder says the FBI told him that the attack on his district was carried out by overseas hackers. He was surprised by the scope of the operation.
The Albuquerque district was in the middle of getting quotes for cyber insurance when the attack occurred, according to Elder. After the attack, their costs went up a lot.
Scott Elder has a pretty typical morning routine. He drinks coffee and feeds his dogs, a rat terrier and a chihuahua, at 7 a.m. Elder’s routine was disrupted by a phone call.
Elder was told by the FBI not to give specific information to families. And district leaders couldn’t use email because they didn’t want to risk spreading the virus. So Elder set up robocalls and did media interviews to get the message out.
The bug was in the student records system. Elder’s IT staff shut that network down. It meant that teachers wouldn’t have basic information about the students in the district. Not knowing children’s bus routes, being locked out of grading systems and being unable to take attendance were some of the drawbacks of being an education professional.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
Zoom Bombing: What Happens When Students Get Their Free Password and They’re Unintentional,” said a U.S. Representative
“After 7 a.m., I was mildly disturbed and worried, but after 9 a.m., I realized that we had a real problem, and I was sick to my stomach as a result,” he said.
Some experts say the attacks are carried out by hackers outside the U.S. They can involve ransomware, where hackers lock data up and demand payment to “unlock” it. They may also threaten to release data publicly if districts don’t pay up.
One of the reasons for the attacks being called zoombombing is that someone can intrude on a video call, often with pornographic images, and deny or slow the use of networks.
The more information is collected on a student, the more vulnerable they are in the event of a data breach.
It takes some districts nine months to recover after an attack, according to a report by the U.S. Government Accountability Office.
“Schools are low hanging fruit and represent the majority of district leaders around the country,” says a spokeswoman for the association. She says schools are often a community’s single biggest employer, and school systems collect a lot of data.
The Cost of Cyber Security, Paychecks and Warehousing: The Case of the School Cyberattacks are On The Rise?
That makes it very ripe. The data is so sensitive and so personal that there’s a huge vulnerability.
“I said, ‘We’re not coming back until we know for sure it’s safe for kids,’ ” Elder recalls. ” ‘And I know that’s frustrating I know you want a date but I’m unable to tell you that at this time. “
When he was told in July of last year that some staff had not been paid, Aina began to investigate. He learned that employees who had clicked on phishing emails a couple of weeks back had unwittingly given hackers entry to their payroll details. Hackers went in, changed the bank details and employee salaries were rerouted.
“Some of those firms charge upwards of $400, $500 an hour. We took laptops from all the people that were affected. We took the forensic data from all the hard drives. It was just a lot of man hours and a lot of effort and a lot of consulting time.”
The costs more than doubled from there. They paid for a retainer agreement with a security firm, bought cyber insurance, installed additional software and hired specialized staff.
Source: One reason school cyberattacks are on the rise? Schools are easy targets for hackers
“Hackers are targeting young public school students,” Ms. Gravatt says. “It was a real break in privacy for me and my children,” he adds
Spending on cybersecurity wouldn’t be popular. “And schools often don’t have the expertise to know where they should be directing their money either.”
Gravatt says the Minneapolis incident was an extreme break in privacy for her and her children. She was a student at Minneapolis Public Schools and had data in the system.
The officials of Minneapolis Public Schools weren’t available for an interview. In a written statement, the district said it sent written notice of the attack to more than 105,000 people who may have been impacted by it.
Gravatt says that the incident was “really huge”. It was more than just school records. It was health records, it was all sorts of things that should be privileged information that are now available to the public.
“As it turns out, the identity information of children is actually more valuable to them than that of adults,” says Doug Levin, director of the K12 Security Information eXchange, a nonprofit that helps protect school districts from cybersecurity risks.
He says stealing a child’s identity may seem counterintuitive because they don’t have resources of their own, but it can cause “a lot of havoc.” Parents don’t necessarily monitor their children’s credit and bad actors can easily open up bank accounts, rack up debt and apply for loans in a child’s name.
Source: Hackers are targeting a surprising group of people: young public school students
Cybersecurity Hackers are targeting young public school students: A surprising group of people: Students. The Twin Cities Innovation Alliance says it’s all about protecting children, not harming children
According to Levin, the school system’s educators are a little bit like pack rats. There is often a lot of information collected that is not deleted when it’s no longer necessary.
When a school system gets hacked, advocates say that Black and brown students are especially vulnerable. According to a Minnesota Department of Human Rights report, black students are eight times more likely to be suspended or expelled than white students.
“So that also means more of their information is being input in the system,” she says. She co- founded the Twin Cities Innovation Alliance to help educate parents about how their child’s data could be used.
A student may have a history of drug use that was successfully overcome, or their record may have been expunged but it is now publicly available. That information could resurface in college applications, job interviews or in court hearings.
“Given how polarized the public is today about issues like gender identity, about maybe even pregnancy or immigration status, if some of that information became public for specific individuals at specific points in time, it could be absolutely life threatening.”
Minneapolis Public Schools gave impacted individuals free credit monitoring for a year, and it also gave them guidance on how to protect against identity theft and fraud.
If a family suspects a crime, they should call national consumer reporting agencies and reach out to the Federal Trade Commission, as well as the state attorney general and local law enforcement.
Source: Hackers are targeting a surprising group of people: young public school students
How scared was I? The overwhelming feeling of a parent dealing with their child’s physical and cyber safety as a result of their decision to move?
Minneapolis parent said it felt really overwhelming. She thinks it’s unrealistic to believe parents have the time or capacity to do everything the school district suggested.
I tried to be like an ostrich about it. I put my head back in the sand, and I kind of was in the mindset of, well, if there’s a knock on my door and [someone] tells me my 7-year-old just bought a boat, I’ll show him where he is! And hopefully it won’t be hard to get the charges reversed.”
Her family has since moved to a different school district, but Flanery says the whole experience was scary. She always worried about her children’s physical safety as a parent. She is worried about cyber safety.
Parent Celeste Gravatt is concerned as well. She did not want anyone to open accounts in her children’s names. She’s especially worried that one of her kid’s health information will be made public. She still feels anxious when she thinks about it.
“I’m not what I would call a tech savvy person. I wonder if I’d even be aware if someone came to me with information that they shouldn’t have. I don’t know.”