Tech Time Warp: Back to school and back to hacks

Now that we are past Labor Day, school is back in session across the United States—which means summer vacation is over for cybercriminals, too. Let’s dive into this week’s edition of Tech Time Warp.

The education sector is increasingly a target for cyberattacks:

• The nonprofit K12Six documented over 1,600 cyberattacks against U.S. school districts between April 2016 and November 2022. This included more than 300 ransomware attacks.
• K-12 and higher education institutions lost more than an estimated $53 billion in downtime related to ransomware attacks between 2018 and mid-September 2023, with over 6.7 million personal records compromised, according to research from Comparitech.

Lessons from Baltimore County schools and Lincoln College

Notable education-sector cybersecurity incidents include a November 2020 ransomware attack against the Baltimore County Public Schools. According to post-incident reports, the school district incurred nearly $10 million in recovery and upgrade efforts. Schools were closed for several days, and payments to retired employees were disrupted until 2022. The Maryland state auditor traced the network infiltration to a malicious email attachment and found the district had ignored security recommendations for nearly a decade.

Likely the most infamous education cyberattack to date is the December 2021 ransomware attack on Lincoln College in Illinois. Already reeling from decreased enrollment due to the COVID-19 pandemic, the college lost access to its data. They had to stop admissions activities after being hit with ransomware originating in Iran. Lincoln College didn’t regain access to its data until March 2022, but by then it was too late to recover—and the college closed its doors for good in May 2022 after 157 years of operations.

Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.

Photo: Drazen Zigic / Shutterstock