Thousands of school websites have fallen into a cyber attack. It will happen again, experts say

Nearly 5,000 schools and colleges saw their websites go dark recently when a ransomware attack targeted Finalsite, a private company that provides web hosting and other communication services.

Finalsite works with 8,000 schools and colleges in more than 100 countries and is still researching the January 4 incident. ransomware attack It is when hackers breach the computer system of an organization or an individual and then demand payment to restore the system.

But at this point, seven days after the attack, “we found absolutely no evidence that customer data had been compromised or extracted,” Finalsite spokeswoman Morgan Dilac said during a press conference on Zoom.

The incident, which affected about 3,000 K-12 public schools in the United States, is more than just another example of how pervasive the cybersecurity problem is.. It’s also a stark reminder that school districts need to think not only about their data security systems, but also those of the technology and education companies they work with, experts say.

“One of the things we saw in K-12 education is [increased] Amy McLaughlin, director of cybersecurity for the School Networks Consortium, said schools and districts have been targeted for ransomware attacks., a group representing the chief technology officers of school districts. “And I think we’re also starting to see an increase in targeting of vendors that support K-12 schools and school districts.”

K-12 Cyber ​​Security Resource Center, a research organization, found 408 publicly disclosed cyber attacks against K-12 schools or districts in 2020, an 18 percent increase from the previous year. Doug Levine, the group’s national director, said the center is still collecting data for 2021.

And last year, region-wide educational technology leaders ranked cybersecurity as their number one concern for the seventh time in a row, in a survey released by CoSN.

It’s not unusual these days for a school district to have two or three hundred tech vendors who help with everything from controlling the school bell schedule to running apps that teach kids math concepts, Levine said.

It’s a challenge for district leaders just to keep track of the vendor’s cut size, not to mention puzzle with questions like, “Which ones do a good job with cybersecurity? What does that look like? What requirements and standards should they be?” [vendors] to me? Levin said.

Dilac said Finalsite constantly monitors its networks and noticed the ransomware on the day the attack occurred. She said the company had taken the “proactive” step of shutting down its system and rebuilding it again in a “clean environment”. She explained that this is why it took several days to get school sites back up and running again.

As of January 10, Dilac said, schools are able to use “the greater part” of the company’s system, and Finalsite is working to restore the remainder of their services.

Dilac said Finalsite was able to find out who hacked into his system and how they got in. But it declined to identify the attacker or determine whether the company – or its insurance company – paid the ransom, citing the company’s ongoing investigation into the incident. Nor was she able to share details of any next steps for potential legal action.

She said the investigation also prevented her from immediately sharing details about what Finalsite would do differently to protect itself and its customers in the future. But once the investigation is complete, “we fully intend to be as open as possible with our customers and the public about what we’ve learned” without compromising data security, Dilac said.

A district official Levin spoke to was frustrated that the district initially learned that its site was offline through a website called “DownDetector” rather than Finalsite itself.

Dilac said that not letting counties know that their websites were down due to an attack was a mistake on Finalsite’s part.

“One area we definitely learned from the moment websites went down globally was that we should have sent a message but we didn’t and fully admit that this wasn’t the right thing to do,” she said.

She said the company notified its customers of the attack as soon as officials in the organization had time to call and get a better understanding of the problem. Since then, she said, the organization has been in constant contact with its clients, including providing a form for sharing information about the attack with parents.

“While there were some who were unhappy with our response, there are dozens of others who email us directly and publicly share their satisfaction with the way we handled the issue at hand,” Dilac said in an email.

McLaughlin said the incident “really highlights the importance of schools and districts knowing about the responsibilities of the vendor community.” When purchasing services from a vendor, school districts should make sure they understand whether the company is backing up their systems and data. They must know the seller’s plan to restore service in the event of an interruption.

What’s more, in this particular case, school districts that rely on the final web hosting site need to make sure they have a backup communications plan, McLaughlin added. The flow of information from central offices to the public can be disrupted much more than ransomware – there are floods, natural disasters, widespread power outages, and other factors that can get in the way as well.

“Anytime you have a communications dependence, you should have a replacement,” McLaughlin said.

Leave a Comment