IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

California School District Among 6 Getting Help from IBM Against Cyber Attacks

The Newhall School District in Valencia will use the tech giant’s grant funding for training and assessments of schools’ strengths and weaknesses to prevent and respond to future ransomware incidents.

A California school district is among six nationwide that the tech giant has chosen to work with IBM Service Corps teams on training, assessments and protocols to protect against ransomware after a banner year for cyber attacks in 2020.

According to research from the software company Emsisoft, nearly 1,700 schools and universities experienced ransomware incidents in 2020, a record-breaking year for cyber attacks against K-12 districts. As cyber criminals continue to target schools in 2021, the tech giant IBM has launched a national grant program to bolster the fight against ransomware in districts with limited resources.

IBM has announced that it will split $3 million in grants among six districts, including California’s Newhall School District in Valencia. The others are Brevard Public Schools in Viera, Fla.; Poughkeepsie City School District in New York; Sheldon Independent School District in Houston; KIPP Metro Atlanta Public Schools in Georgia; and Denver Public Schools in Colorado.

The company said the funding, awarded through the IBM Education Security Preparedness Grant program, will pay for IBM Service Corps teams to work with districts on strengthening anti-ransomware protocols.

More than 250 U.S. K-12 school districts applied for the funding when IBM announced the program in February, according to a news release from the company. Approximately 50 percent of the applicants had less than $100,000 to spend on cybersecurity for their entire districts, while others had millions invested in their fight against ransomware and phishing attacks. Amid these disparities, more than 40 percent of the districts said they experienced ransomware incidents but had little training to stave off the attacks.

“Ransomware criminals are targeting everything from schools to Fortune 500 companies; however, the difference is that schools don’t have the same cybersecurity budgets or resources to properly defend against these attacks,” Newhall Superintendent Jeff Pelzel said in an email. “And if Fortune 500 companies can’t defend against these attacks, how can schools be expected to?”

Perpetrators of ransomware attacks often extort districts for large sums of money by blocking access to district networks or sensitive data, shutting schools down in the process. Large districts such as Clark County School District in Nevada and Baltimore County Public Schools in Maryland were among the many that fell victim to an onslaught of ransomware attacks in 2020, according to the Emsisoft report.

IBM Global Threat Intelligence Lead Nick Rossmann said the tech company first considered the need for the Education Security Preparedness Grant program when helping officials in Louisiana’s Tangipahoa Parish School System respond to a ransomware incident in 2019 that affected thousands of devices.

Rossmann said one of the most notable findings among applicants during the pandemic was the sheer scale of the attacks increasingly targeting schools.

“This is real for so many school districts,” he said.

About 55 percent of school districts surveyed by IBM are currently operating without adequate cybersecurity training, according to Rossman. He said ransomware remains the primary cybersecurity concern for schools across the U.S.

“From our point of view, based on the survey and what we see elsewhere, ransomware is the key cyber incident at school districts overall,” he said. “The other events [such as phishing] do occur, but it’s ransomware that’s putting a lot more personal data at risk, delaying the start of school years, and where schools need funding right now.”

Pelzel said the need for Newhall schools to review cybersecurity procedures and provide more comprehensive anti-ransomware training came into focus after a ransomware attack in September 2020, which shut down virtual courses.

“It really shed a lot of light on the need to do that on a regular, ongoing basis,” he said.

Pelzel added that the grant funding will go toward training and further assessing schools’ strengths and weaknesses to prevent and respond to future ransomware incidents.

“Depending upon your general fund budget, it’s [about] what you can allocate your resources to,” he said. “When you’re a smaller school district, it’s difficult to have a big ‘tech department.’ It’s really difficult to put something like that in place in a smaller school district.

“Devices are one thing, but tech support and infrastructure support is a completely different thing,” he continued. “The big thing to understand for us is, where are our gaps, in terms of whether it’s protocols, procedures, hardware or structure?”

He said he hopes to share insights with neighboring districts that are struggling to keep up with cyber incidents with limited resources.

“I think it’s just a great opportunity to learn from ourselves and share [lessons] with colleagues,” Pelzel said.

This article originally appeared in Government Technology, Techwire’s sister publication.
Brandon Paykamian is a former staff writer for the Center for Digital Education.