How to Fortify Your School Networks After a Cyberattack
Thanks to the speedy response, the district was able to open school again after a long weekend. Bowman says that two backup systems were in place at the time, but one of them failed, as it had not been regularly tested. Still, the district was able to restore its student information system from snapshots of its VMware environment, which was segregated from the rest of the network and required unique login credentials.
In the wake of the incident, Albuquerque Public Schools deployed Sophos Managed Detection and Response across its environment. “We put a lot of effort into making sure it was installed on all of the computers that needed it,” Bowman says.
Bowman says the district is now also more proactive about testing its backups, staying on top of patching, training its employees to spot phishing attempts, and taking advantage of cybersecurity resources from the state and federal government.
“It’s about vulnerability management,” Bowman says. “If you have systems that have not been patched and there are exploits out there, you’re just asking for trouble.”
DIG DEEPER: Schools with small IT staffs and budgets call in backup.
Why Proactively Investing in Cybersecurity Pays Off
Leaders at Judson Independent School District in Texas have been extraordinarily transparent about a ransomware attack against the district that occurred in June 2021, just over a month after Lacey Gosch, assistant superintendent of technology, assumed her role.
“It moved very rapidly through our system,” Gosch recalls. “It took down pretty much every device across the entire network. It was automatically deleting all of our files, and we could see it happening in real time.”
The district was able to recover nearly all of its data from tape backups, but the attack turned out to be a “double extortion” incident, in which the cybercriminals threatened to publicly release the district’s data unless it paid a ransom. The information included decades of sensitive student and employee records, and the district ended up paying more than $500,000 to prevent the release.
“Our aim was to protect the data of our students, of our staff and all those that have been connected to the district,” Gosch says. “To my knowledge, the data was never released, and we really have not had any issues or concerns.”
It took more than a year for officials to notify everyone whose data was accessed, and Gosch estimates that the district’s total recovery costs were as high as $7 to $8 million.
In the wake of the incident, Judson ISD has made a number of improvements:
The district also banned the use of any external hard drives or thumb drives. Gosch says the attack made its way onto the network through an infected employee device, and she notes that the district’s current EDR tool would have detected it “almost immediately.”
Incidents like the one Judson ISD faced, Gosch says, highlight just how heavily K–12 districts have come to depend on technology. “It does bring to light the importance of making that investment in cybersecurity,” she says. “People don’t like to spend money on things that they can’t see, and cybersecurity is one of those things that runs in the background.”
“It is far better to invest on the front end,” Gosch adds. “An ounce of prevention will save you millions on the other side.”