Debunking 3 Common Myths About Ransomware Protection in Education: Insights from COSSBA Conference

Recently, I had the opportunity to attend the COSSBA (Council of School Supervisors and Administrators) conference in Dallas, where education professionals from various roles congregated to discuss pressing issues in the field. As a representative of Recon Infosec, specializing in managed security operations, I engaged with numerous attendees who expressed their concerns and beliefs regarding cybersecurity in educational institutions. Despite the dedication to safeguarding their districts, I encountered many misconceptions about ransomware protection. In this blog post, I aim to debunk three common myths I encountered during my discussions at the conference.

Myth 1: "Our District Is Fully Protected Against Ransomware"

One of the most recurring assertions I heard from school board administrators and superintendents was their confidence in their districts' immunity to ransomware attacks. Many asserted that their existing security measures were robust enough to thwart any potential threats. However, this belief often stemmed from a misunderstanding of the evolving nature of ransomware tactics.

Reality Check

Ransomware attacks are continually evolving, employing sophisticated techniques to bypass traditional security defenses. While investing in cybersecurity measures is crucial, it's equally important to recognize that no system is entirely foolproof. Education institutions must adopt a proactive approach, continuously updating and enhancing their security protocols to stay ahead of emerging threats.

Few districts are large enough to have the resources to create and maintain an effective security operations team. The IT and Security teams for these districts are often understaffed and rely on alerting technology from various vendors to protect their organization’s assets. This technology is excellent and it is a piece of the puzzle for effective security operations, but in itself it often poses its own problems. Unfortunately, it is all too common for these teams to be overwhelmed by the amount of alerts they receive and the toil required to deconflict the vast number and variety of alerts. In addition, the alert data is often coming from a variety of sources and is rarely correlated across sources. Finally, a key source of data is often missed entirely. Many districts will put in place email platform security measures and possibly even gateways to try to block malicious emails, but these technologies are far from foolproof and unless email is used as a source of telemetry for security operations there is likely a large gap in coverage and the ability to respond to incidents quickly and effectively.

Myth 2: "We Have Backup Systems in Place, So We're Safe"

Another prevalent myth I encountered was the belief that having backup systems in place provided foolproof protection against ransomware attacks. Many educators reassured me that even if their systems were compromised, they could easily restore their data from backups, rendering ransomware threats inconsequential.

Reality Check

While maintaining regular backups is undoubtedly a critical aspect of ransomware defense and any good IT plan, relying solely on this strategy can lead to a false sense of security. In recent years, cybercriminals have evolved their tactics to target backup systems, either by encrypting them along with primary data or by deleting backups altogether. Moreover, the downtime required to restore data from backups can disrupt educational operations significantly, causing inconvenience and potential loss of productivity.

Bad actors are often entering organizational networks and dwelling for extended periods of time. Most cases of ransomware show the intrusion happened long before the ransomware attack. In that time, the hackers may be impacting backups or establishing back doors that make restoring systems to a safe state much more complex and time consuming than most organizations can accept.

Myth 3: "We're Not a Prime Target for Ransomware"

Many attendees expressed the belief that educational institutions were not attractive targets for ransomware attackers compared to larger corporations or government agencies. Some attributed this belief to their limited financial resources, assuming that cybercriminals would prioritize entities with higher potential payouts.

Reality Check

Contrary to popular belief, educational institutions are prime targets for ransomware attacks due to several factors. Firstly, schools often store valuable data, including student records, financial information, and intellectual property, making them lucrative targets for cybercriminals. Additionally, the interconnected nature of educational networks, coupled with the prevalence of legacy systems and outdated software, creates vulnerabilities that attackers can exploit. Moreover, the potential impact of ransomware attacks on educational continuity and student privacy cannot be overstated, making schools appealing targets for malicious actors.

Unfortunately, Ransomware is a business. Please see our recent blog post "The Lockbit Ransomware Group Disruption: Now What?" which discusses the recent events in the Ransomware as a Service market. Yes, this is an actual business market and that in itself should make this reality check hit home for many.

Conclusion

The COSSBA conference provided valuable insights into the prevailing attitudes and beliefs surrounding ransomware protection in educational institutions. While it's encouraging to see a growing awareness of cybersecurity issues, it's essential to address common myths and misconceptions that may undermine effective defense strategies. By debunking these myths and embracing a proactive and comprehensive approach to cybersecurity, education professionals can better safeguard their districts against the ever-evolving threat of ransomware. As we continue to navigate the digital landscape, collaboration, education, and innovation will be key in ensuring a secure and resilient future for our schools and students.