Baltimore County Public Schools were hit with a ransomware attack during November 2020. The nature of the attack forced the school system to close operations for the day. The attack caused systemic interruption to their network information systems. Students were advised to only use City Schools-issued devices and those without such devices were granted excused absences.
In a Tweet, the education board stated: “City Schools is aware of computer network challenges today in Baltimore County schools. Students participating in virtual learning should only use City Schools-issued laptops or devices. Students without access to a City Schools-issued device will be granted an excused absence.” (@BaltCitySchools, posted on November 25, 2020).
Providing an insight into the attacks and the associated fall-out is Mark Riemer, Chief Security Architect at Pulse Secure.
According to Riemer, there is a reason for the attacks, which he identifies as: “The ransomware attack on Baltimore County Public Schools, which resulted in a network interruption that disrupted student learning, proves the education sector remains a lucrative target for cybercriminals and the industry as a whole must consider more progressive security controls as institutions, parents and students adapt to virtual learning.”
This brings with it implications, as Riemer elucidates: “As schools continue both in-person and virtual learning next year, it is up to the government and education institutions to prioritize the safety of their students and staff. To mitigate threats and avoid unauthorized system access, organizations must remain vigilant on security posture assessment and implement or enhance Zero Trust access policies such as multi-factor authentication and encrypted communications. ”
Expanding on this approach to security, Riemer states: “The Zero Trust principle dictates that no connectivity is allowed until a user is authenticated, their endpoint is validated, and application access is verified for that individual, stopping cybercriminals from gaining access. With secure network access solutions in place, schools can avoid falling victim to a major security mishap that can interrupt education.”
