- Ransomware attacks can be devastating to a school or district, with costly ransoms and leaked sensitive information
- The most effective security is layered; humans are only part of the equation
The biggest threat to K-12 schools’ cybersecurity is, ironically, education. It’s an expensive deficit. But there are funds and tools to help.
Ransomware – where hackers encrypt and lock victims’ data and try to sell the decryption key back to the victim for a ransom – delays education and hurts already-stretched budgets: A GAO report says a ransomware attack can cause K-12 students learning loss up to three weeks and cost from $50,000 to $1 million in expenses.
Or worse. In November 2020, a ransomware attack hit the Clark County School District in Nevada, the fifth-largest school district in the U.S. More than 320,000 students were blocked from accessing assignments and other educational materials. It cost the district more than $4 million to recover from the attack.
Even when schools don’t pay the ransom, as in the Los Angeles Unified School District case in 2022, there are costs. In the LAUSD, some of its platforms were knocked offline and sensitive personal information was released. More recently, the Minneapolis Public School District was attacked by ransomware criminals in March of 2023. District data was held hostage for $1 million. When the district did not pay, the criminals released highly sensitive personnel data.