I find it puzzling really…the hype about ransomware and how severe this threat is. Self-proclaimed experts are popping out of the woodwork, stressing how severe this could be for schools. Schools of all places! The reality is, ransomware has been hitting schools all across America for years. Literally, years. This is not a new threat. Ransomware has been a constant threat for every sector for years. However, now that high profile entities are being impacted, there must be a solution.
President Biden is offering up to $10 million in reward funds to help take cyber gangs offline. The American government has also published stopransomware.gov to provide the country with actionable steps, supposedly to stop ransomware. Spoiler alert – it doesn’t do that. I’ll save my thoughts on that for another post…
Back to schools…
Schools are about to go back into session. We know, because we understand ransomware is not a new threat for the education sector, that ransomware attacks will begin to increase in August due to the increased network usage. The threat remains year around; however, the first few months of school being back in session appear to have the highest infection rates. Take 2019 for example, seven school districts were hit in August alone.
Also, according to the K-12 Cyber Security Resource Center there have been 1,180 reported cyber incidents in the K-12 space since 2016. This threat, albeit not new, continues to increase year-over-year. You may access their State of K12 Cybersecurity: 2020 Year in Review paper here.
Ransomware – what can be done?
It is important for the school’s IT staff ensure all of the devices are updated, prior to school going back into session. By doing this before school resumes, it will reduce any productivity issues for students and staff. Once everything is updated, backup the system. Then, evaluate your cybersecurity stack. If you do not already have a proactive layer of malware detection, such as application whitelisting, add it.
Application whitelisting solutions can work seamlessly with your existing cybersecurity solutions. But how, and why does it matter? First, let’s say the district is using a security solution that is focused on endpoint detection and response (EDR). Unfortunately, when it comes to ransomware, EDR is not a feasible solution. At that point, the district would already be infected. To be clear, EDR solutions are important pieces to a security stack. If a malware infection takes place, the response speed is critical. However, by adding application whitelisting to this security stack, all applications that are allowed to run on the network are confirmed safe and trusted programs. How? Because they have been tested and proven as such.
The National Institute of Standards and Technology (NIST) has been encouraging the use of application whitelisting to help thwart the growing ransomware threat. Will you listen?
301 total views, 11 views today