Distributed denial-of-service (DDoS) attacks probably aren’t on your radar. When cyberattacks make the news, you typically hear about ransomware demands. But DDoS attacks are just as costly, and are increasingly a concern for K–12 schools.
Denial of Service Attacks on Schools Jumped 350% in Early 2020
Between January and June 2020, Kaspersky reported a 350% increase in DDoS attacks on schools. The increase is likely due to the pandemic. Schools shut down. Kids and teachers had to interact online, opening new vulnerabilities cybercriminals could exploit.
Schools will remain dependent on technology
For some school systems, computers, Chromebooks and tablets were teaching tools before the pandemic. But lockdown accelerated the adoption of technology across the board. Even with kids back in the classroom, technology and the internet will play a dominant role in the school day. As yFor some school systems, computers, Chromebooks and tablets were teaching tools before the pandemic. But lockdown accelerated the adoption of technology across the board. Even with kids back in the classroom, technology and the internet will play a dominant role in the school day. As your school system embraces new technologies, you also need to understand threats and embrace education-focused managed IT cybersecurity solutions to keep your students, teachers and district safe.
What Is a DDoS Attack and Why Does It Matter?
A DDoS attack occurs when cybercriminals overwhelm the network of an organization with unnecessary requests and traffic from several sources, preventing the legitimate business from being fulfilled and exposing potential breach points. The sources are typically machines that have already been compromised and infected with botnet malware. You may recall the DDoS attack on personal use apps like Twitter and Netflix, which took those applications offline for almost an entire day.
But the goal isn’t only to bring applications offline
According to DigitalAttackMap.com, Once infected, these machines can be controlled remotely, without their owners’ knowledge, and used like an army to launch an attack against any target. While in the infected network, criminals can scrounge around for critical information such as social security and credit card numbers and other proprietary information.
The threat isn’t new
DDoS attacks have long targeted industries like finance and banking where cybercriminals can gain access to important financial data. But now, even nonprofit organizations such as healthcare and educational institutions are being victimized.
As far back as 2016, THE Journal reported how education had become the most targeted sector for malicious attacks, beating out healthcare.
What Happens When a School Suffers a DDoS Attack
In the summer of 2017, a DDoS attack infiltrated the Miami-Dade school district. According to the Miami Herald, the cybercriminals infected the systems with malware that turned off the logs recording who accessed the systems.
Student Social Security information was part of the target, but not the only goal
The Miami Herald reported that the criminals were a hacking group from Morocco and penetrated the defenses of four different school district networks. Their main goal was to find their way into government organizations from the school systems, according to the Herald and United Data Technologies, Inc. (UDT), and search for some way to slip into other sensitive government systems, including state voting systems.
Ultimately, the hackers were never able to find the information they so long sought. But the attempted hacking exposed the vulnerabilities of Florida’s school district networks: vast computer systems that store sensitive information on thousands of students and their parents, and could potentially provide a backdoor into other government systems, reported the Miami Herald.
In some cases, students are behind DDoS and other types of cyberattacks. In 2015, three high school seniors in New York were accused of hacking into their school’s computer system to change grades and schedules.
Defending Against DDoS and Other Attacks: Why School Districts are an Easy, Desirable Target
Today, many school districts are using older networks and legacy hardware and software systems that make it easy to hack. Cybercriminals can then collect information, such as Social Security numbers and credit card information from students and faculty.
As the Miami Herald explains, unlike corporations with trade secrets and data to protect, most school districts have systems that make connectivity easy. With free WiFi in school buildings, there are thousands of opportunities for a hacker to gain access to a school’s network. Students downloading free apps on their phones or hopping from one school computer to the next can spread a computer virus faster than a viral video on TikTok.
Cybercriminals only need to be right once
Layered cybersecurity is essential for every organization. If you have layers of security, you increase the likelihood that you’ll stop a hacker before they have a chance to infiltrate your network.
For instance, with only anti-virus and malware protection, you won’t catch malware unleashed by a phishing email. But if you have a trusted cybersecurity partner utilizing advanced tools for scanning and detecting suspicious activity, your team can spot and prevent a cyber disaster.
This is how we prevented one of our clients from inadvertently wiring money to a hacker. Our tools flagged suspicious activity in their email system. We verified the threat was real and immediately stepped in to prevent the transfer of funds.
How you can fight back
To defend against DDoS, some districts employ backup internet service providers to keep networks running and instruction uninterrupted.
According to Education Dive, school districts are relying on better firewall protections, new networking tools, and better network design. This is a good start, but you should do more.
Add employee training and reliable backups
Whether it is DDoS or ransomware or even phishing scams, such attacks can be incredibly disruptive, and experts suggest taking a proactive approach to cyberthreats by educating staff on how to identify email or other scams, finding the weak links in networks, partnering with an IT managed services provider with experience with educational institutions, and keep protocols in place to ensure reliable backups exist in case of attack.
Educational institutions are obligated to ensure their data is properly protected
CIPA (Children’s Internet Protection Act) was mandated by Congress in 2000 and noncompliance can cost schools needed funding.
Your Students Deserve a Safe Learning Environment
Technology can create rich, immersive learning experiences. It eases communication between staff, parents, and students. You rely on IT systems for everything from student records to interactive lessons. Don’t let an attack jeopardize confidential information or cost your students a day of learning.