(There’s a Hole) in the Bottom of the Sea

Many of you who have had small children probably remember the children’s song, There’s a hole in the bottom of the sea. It starts out very simply, but with each verse, it becomes more complicated.

In education, there is a hole in the bottom of the sea, and through that hole, criminal enterprises are stealing your data by increasing numbers of magnitudes.

I’m not sure if it is because schools are considered easy pickings, but at present, the education industry is the world’s most popular industry for data thieves. In fact, 56 percent of K-12 schools worldwide reported being hit by a ransomware attack last year, according to a Sophos study called, The State of Ransomware in Education 2022.

You know the problem is bad when a company like Sophos funds an important study and names it, The State of Ransomware in Education 2022. Almost all the education organizations that were attacked and had their data encrypted got some of the data back, but many weren’t taking any chances. Half of them just paid the ransom, a strategy often advised by the FBI. For those that cowboyed up and did it themselves, the cost was usually much greater.

And neither scenario was a cakewalk. On average, K-12 education organizations that paid the ransom got back 61 percent of their encrypted data. Even paying the ransom will only restore a part of your encrypted data; you cannot count on the ransom payment to restore all your data.

The overall cost to clean up the ransomware attack last year was a staggering $1.58M per incident. That’s a substantial sum, especially for small districts with only a few schools. Of course, the psychological damage goes much higher, for the reputation of the district and for the individual responsible for clicking on that suspicious link.

Why the increase in cyber-attacks to K-12 institutions? And why do criminals see schools as such easy targets? Two reasons:

One, since the pandemic hit, virtual activity has gone through the roof, with many people engaging in virtual learning that have little experience in that area. Plus, they are being worked to the point of exhaustion, and tired people make mistakes.

The overall cost to clean up the ransomware attack last year was a staggering $1.58M per incident. That’s a substantial sum, especially for small districts with only a few schools.

Two, schools deal with a large volume of sensitive data, including personal data from employees and data from minors. Because of this, the data is overwhelmingly valuable to schools, and they will do whatever it takes to get that data back and get it secured.

According to an article in Comparitech, in 2021, 67 individual ransomware attacks affected 954 schools and colleges, potentially impacting 950,129 students. They estimated that these attacks cost education institutions $3.56 billion in downtime alone. Comparitch reports that, “recently, many schools have been subject to double-extortion attempts where hackers not only lock them out of critical systems, but steal data and threaten to post it online if the ransom isn’t paid. Recent examples include Broward County Public Schools, Clover Park School District, Somerset Independent School District, Union Community School District, and Affton School District.”

So much for honor among thieves, huh?

Why are these cyber criminals so effective and so, well, dangerous? Cyber crime has become a very lucrative business. The days of a hacker in a hoodie are long past. Today’s criminals are professional, organized, and basically get the greenlight from their governments as long as they do their dastardly deeds outside their home country. These criminals go to work in swanky office buildings, have good salaries plus benefits, and generally work 9-5, Monday through Friday. Their training is getting better and better – so ours had better improve as well.

Make sure your staffs are on high alert. And please, back up everything – securely and frequently. And take the time to locate a quality cyber security firm that has experience working in education. This is key. Don’t wait until you need them. If you do, it is already too late.

About the author

Charlie Warhaftig is the Managing Director of Global Education Media