Schools are easy targets for hackers. These cybercriminals, often operating from outside the US, have used their more sophisticated methods to exploit vulnerable school networks, as school districts often employ outdated, unsecure software to house their data. This allows sensitive student and staff data–which can include addresses, social security numbers, and healthcare information–to be accessed and used as collateral against school leadership, extorting them for millions of dollars.
This surging cyber attack, called “ransomware”, targets organizations for their data, blackmailing them with the releasing of this sensitive information. The unknown lawsuits, liabilities and resulting costs of such an event are in staggering comparison to a one-time ransom payment, and school district leadership have historically deferred to the latter option. Just like the enormous emotional toll that enacting a physical attack on school children elicits, these cybercriminals recognize the higher value we put on student information, and that this value can be extorted for even more money. School districts, whose budgets are famously stretched thin, cannot afford to leave this information unprotected.
In the last year, cyber attacks on school districts have doubled.
These attacks are not unique to schools, as they affect healthcare institutions, industrial facilities, and even our energy transportation infrastructure. New Zealand-based cybersecurity company Emisoft estimates that these attacks result in the death of one person per month.