The U.S. government has issued yet another warning about the increase in ransomware attacks on schools. This comes in the wake of a recent successful ransomware attack on the country’s second-largest school system, Los Angeles.
Los Angeles Unified (LAUSD), which is the second-largest school district in the U.S., suffered a ransomware attack that hit its IT systems during September 2022. LAUSD enrols 640,000 students and includes Los Angeles, 31 smaller municipalities, and unincorporated sections of Los Angeles County.
Attempting to unpick the events and provide an assessment of the learning points for Digital Journal is cybersecurity evangelist and privileged access management expert Raj Dodhiawala, CEO of Remediant.
Dodhiawala begins by considering the recent cybersecurity incident: “The recent successful ransomware attack on the nation’s second-largest school system, plus the latest warning from the FBI, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) on the increase in ransomware attacks plaguing the education sector have underscored the harsh reality that school systems aren’t properly prepared to take on cybersecurity criminals.”
As to why the education sector is a target, Dodhiawala’s reasoning is as follows: “Attackers will follow the money, and they know schools find a way to pay ransom; even if relatively small amounts — it adds up.”
Furthermore, says Dodhiawala: “As schools have become more digital, they’ve taken a somewhat backwards approach to cybersecurity and historically move slow, have weak cybersecurity controls and protocols.”
On the underpinning issues, he says: “This is due to longer cycles for IT budgetary and staffing processes, a higher turnover rate, and lower continuity in IT security projects and skills. Similar to the state and local governments, school systems’ budgets have been released based on types and volume of incidents — hence the backward approach to cyber defense.”
There are measures that can be taken, however. Dodhiawala recommends: “Given that nearly 80 percent of today’s cyberattacks involve leveraging privileged identities and use lateral movement as a technique, school systems need to look closely and prioritize developing an identity-centric Zero Trust framework.”
This means going beyond the basics of government advice and putting more robust measures in place. Dodhiawala states: “While the FBI, CISA and MS-ISAC’s warning nicely laid out cybersecurity priorities for school systems, it was missing one specific emerging strategy that fits within the ZT framework and is the only approach that can properly protect an organization against lateral movement attacks: PAM+. The PAM+ strategy shrinks the privilege identity attack surface, removes the typical, 24×7 admin access, protects organizations against attacks that harvest admin credentials, making these ransomware attacks essentially ineffective.”
