May 20, 2021

Visibility and Control: Tackling the Cyber Threat Epidemic in K-12 Schools

The education sector has been a target for cybercriminals. Schools need to ask tougher questions and put the right technology in place to stop threats before they happen.

By Tanium Staff

It’s been a year of drama and disruption in the US education sector. School districts responded courageously to the pandemic with rapid digital transformation efforts.

But it’s opened more avenues for attack by financially motivated cybercriminals. In most districts, resources are tight, but so too is insider knowledge on how to tackle the threat.

By asking the right questions and putting the right people, process and technology measures in place, districts can go forward with confidence.

Cybersecurity is the last thing on the minds of too many school districts right now, as they focus on “keeping the lights on.” But if you don’t address security gaps, those lights could very easily be turned off again.

A record-breaking year

The pandemic has shown cybercrime in its true colors. Ransomware actors were prepared not only to target hospitals battling COVID-19 on the frontline but also to deprive children across America of their education.

Over 2020 they became increasingly audacious in their demands and prolific in their targeting of school networks and remote teaching resources. Here are three examples:

  • In Florida, a $40 million ransom demand was met with incredulity by Broward County Public Schools.
  • In Baltimore County, 115,000 pupils were locked out of remote lessons by similar tactics.
  • In Hartford, Connecticut, 200 of the district’s 300 servers were locked down by ransomware in September, delaying the start of the fall term.

Schools have long been a popular target for cybercriminals, given the large amounts of personal and financial data they store on staff and students. Think teachers’ payroll information, perhaps, or students’ identity data. The latter is popular on the black market, where it’s often used in credit card application fraud — the idea being that the victim, as a minor, is less likely to notice.

So how bad were things really in 2020? According to a recent report from nonprofit K-12 Cybersecurity Resource Center, the sector witnessed “a record-breaking number” of publicly-disclosed incidents.

Many resulted in “school closures, millions of stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud,” it notes.

Where are you most exposed?

According to David Irwin, co-founder of Thru and former Gartner K-12 Education global lead, resources are always a challenge.

Even if a district has a nominal income in the tens of millions of dollars, most of it goes to teachers’ pay and pensions.

Cybersecurity must compete with other essential IT resources and operational spending. Often it fails to win out. There’s also a lack of in-house IT talent or cyber-aware leadership, he says.

“A superintendent’s background is usually in teaching and learning, and all of a sudden they’re in charge of the largest budget of any organization in the community, and they take on all these responsibilities including security,” Irwin explains. “But these are things just foreign and unknown to them. Their background and experience usually doesn’t include learning about cybersecurity threats.”

Digital transformation and remote learning created a perfect storm

Now, combine this with the new reality of rapid digital transformation and remote working/studying, and you have a perfect storm of cyber risk.

“With everyone forced to leave within a week due to COVID, schools were just scrambling to get the devices out to support these kids. Then they found that the tools they used to manage them on-premises just didn’t work anymore. They had no way to find out what was happening,” Tanium Education Technical Solutions Engineer Doug Thompson explains: “Then we get the apps schools are using for remote learning, which are often being vetted by teachers, who don’t have security and privacy front-of-mind. And if you’re the IT department that says ‘no,’ they’ll just find workarounds.”

The bad news is that it takes just one unprotected endpoint or misconfigured account to let the bad guys in, then they can move laterally to find high-value data and/or assets to deploy ransomware too, he warns.

Of the publicly reported named threats analyzed by the K-12 Cybersecurity Resource Center, data leaks and breaches were most common (36%) last year, followed by ransomware (12%), with phishing accounting for 2%. But in reality, the lines between all three are blurred. In fact, phishing is a popular initial threat vector for both data breaches and ransomware.

“Often scam emails and password reset requests are fired in at the start of the new term when IT teams are distracted with other business,” says Thompson.

The bottom line is that these bad actors know what they’re doing. They may have carried out detailed reconnaissance ahead of time and researched the annual budget of the district (i.e., what it can afford to pay in ransom). They also know that many such organizations have cyber insurance today and may therefore be more willing to pay up.

Questions every district should ask about cybersecurity

When it comes to cybersecurity, school boards should be asking tougher questions of district IT departments, according to Irwin. He suggests having answers to the following:

  • What types of security measures and policies are in place?
  • What type of technology is in place to help monitor devices?
  • What actions do we take to protect the district from cybersecurity incidents?
  • What is our plan for addressing cybersecurity with our employees?
  • If a breach occurs, what’s our response plan?
  • Do we have the right security talent on board or on the ready?
  • How do we quantify our risk exposure?

How Tanium can help

It all begins with IT asset management and governance, Irwin says. That chimes with a mantra often repeated at Tanium: “You can’t protect what you can’t see.”

Other key layers include:

  • Comprehensive risk assessments
  • Access controls
  • Data security
  • Security monitoring (intrusion detection)
  • Incident response planning

Tanium provides crucial insight into your IT assets, wherever they are — on school campus networks or virtual-learning settings.

Now you have visibility. You can also use Tanium to gain control of these endpoints at speed and scale — to discover and fix unpatched systems, discover and manage sensitive data, monitor for non-compliance, and automate patch management and policy enforcement.

Tanium also helps with threat detection and response to tackle suspected attacks before they have a chance to impact the organization.

It all adds up to insight and control at scale, no matter how complex your environment and how persistent the cyber threats facing it.


Find out how Gwinnett County Public Schools, one of the largest school districts in the U.S., protects its data with Tanium.

Ready to try Tanium in your environment? Sign up to try full access of Tanium free for two weeks.