Hi, everybody - Chad here. Well, luckily for all of us who live near the swimming pool at my condos, it’s back to school time! And you know what that means: no, not homework and new shoes. Today, I’m focusing solely on the now-annual and still alarming uptick in ransomware attacks in the Education sector this time of year. While it may come as no surprise to those of us in the industry, it’s still shocking to see graphs like this one from a recent Comparitech ransomware report:
As you can clearly see, September kind of sucks - which is a sentence I haven’t had to type on the Internet since season 2 of Fringe. But in general, attackers know that as schools get back into session (especially in our post-Covid world), things will be hectic. This can present them with a window of opportunity, so to speak. If I know that a school district has ~5,000 students coming back onto campus (or worse, learning remotely) at once, then I can assume that their SysAdmins will be a bit distracted, at the very least. This is why you see such an uptick.
As verified in the Comparitech report, over 1,700 schools/colleges were attacked last year, costing close to $2B. That “B” stands for “Billion”, if you were unclear. Before coming to Automox, I spent over 6yrs at a network security company, focusing on stopping things at the “edge”. Take it from me: you will always need a layered approach to cyber hygiene, regardless of your organization’s size, industry, or age. In the Education world, it can be even tougher, as BYOD has become a popular necessity over the last few years.
As a former teacher and a former SysAdmin and a former Network Security Dude®, this just happens to be one of those areas I’m passionate AND knowledgeable about. While I can’t tell you what to do with your particular skillset(s), I can ask that you use good judgement and leave the schools alone. I can only hope they have good patch automation and a solid network perimeter, but we all know those new football uniforms come first!