Jason McNew, CEO and founder of Stronghold Cyber Security, discusses with Mimecast Contributing writer Margot Carmichael Lester the issue of cyber attacks targeting schools. Some excerpts from the article “What You can Learn from Recent Cyber Attacks Targeting School Systems” are posted below:
Schools also get targeted because “their networks tend to be quite open in order to facilitate the free flow of information. This can make them somewhat easy to compromise,” notes Jason McNew, CEO of Stronghold Cybersecurity and a former school board director. “To a cybercriminal, this equates to low barrier to entry, with medium returns. If a hacker needs to make a few bucks, it makes sense to target schools.” In addition, most school systems have nowhere near the security sophistication or personnel as a bank or telecommunications company might have.
The takeaway for district administrators? Don’t assume that because you’re a school you’re not at risk from a cyberattack.
How to Be Better Prepared for School Cyber Attacks
School districts need to become as vigilant about cybercrime as they are about cyberbullying and physical threats.
“Even though it’s not mandated by law, schools need to voluntarily create and implement a comprehensive cybersecurity program based on one of the well-known frameworks such as NIST 800 or ISO 27000,” notes McNew, who previously worked for the White House Communications Agency / Camp David and held one of highest security clearances.
The full article on cyber attacks targeting schools is located at https://www.mimecast.com/blog/2017/10/cyberattacks-on-k-12-school-systems-are-you-ready/
In addition, the Department of Education just put out a statement warning elementary and high schools that they are prime targets for a cyber attack. Per CNBC:
“Schools have long been targets for cyber-thieves and criminals,” writes the department. “We are writing to let you know of a new threat, where the criminals are seeking to extort money from school districts and other educational institutions on the threat of releasing sensitive data from student records.”
Generally, K-12 schools do not have a full-time CSO and tend to sub-contract cyber security work out. Whom they outsource this to is vitally important, so that they can be fully prepared to deal with potential cyber attacks targettng schools.