澳门跑狗论坛

Privacy & Security

Thousands of School Websites Went Down in a Cyberattack. It鈥檒l Happen Again, Experts Say

By Alyson Klein 鈥 January 10, 2022 4 min read
Special Report Cybersecurity
  • Save to favorites
  • Print
Email Copy URL

Roughly 5,000 schools and colleges saw their websites go dark recently when a ransomware attack targeted Finalsite, a private company that provides webhosting and other communications services.

Finalsite works with 8,000 schools and colleges in more than 100 countries and is still looking into the Jan. 4 incident. A ransomware attack is when hackers breach an organization鈥檚 or an individual鈥檚 computer system and then demand payment to restore the system.

But at this point, seven days after the attack, 鈥渨e have found absolutely no evidence that client data has been compromised or extracted,鈥 said Morgan Delack, a spokeswoman for Finalsite, during a press briefing held on Zoom.

See Also

Image of a red glowing caution sign over a dark field of data.
Getty
Privacy & Security Explainer School Cyberattacks, Explained
Alyson Klein, February 11, 2022
12 min read

The incident, which impacted some 3,000 K-12 public schools in the United States, is more than just another example of how widespread a problem cybersecurity has become. It is also a stark reminder that school districts need to be thinking about not just their own data security systems, but those of the technology and education companies they work with, experts say.

鈥淥ne of the things that we鈥檝e seen in K-12 education is [increased] targeting of schools and districts for ransomware attacks,鈥 said Amy McLaughlin, the cybersecurity director for the , a group that represents chief technology officers in school districts. 鈥淎nd I think that we鈥檙e also starting to see an uptick in targeting of vendors who support K-12 schools and districts.鈥

The , a research organization, found 408 publicly disclosed cyberattacks against K-12 schools or districts in 2020, an 18 percent increase over the previous year. The center is still assembling data for 2021, said Doug Levin, the group鈥檚 national director.

And last year, district level education technology leaders ranked cybersecurity as their top concern for the seventh time in a row, in a survey released by CoSN.

These days, it鈥檚 not unusual for a school district to have two or three hundred technology vendors who help with everything from controlling the school bell schedule to running applications that teach kids math concepts, said Levin.

It鈥檚 a challenge for district leaders just to keep track of the shear volume of vendors, much less puzzle through questions like, 鈥渨hich ones are doing a good job with cybersecurity? What does that even look like? What requirements and standards should [vendors] be held to?鈥 Levin said.

Finalsite continually monitors its networks and noticed ransomware the day the attack occurred, Delack said. The company took the 鈥減roactive鈥 step of taking its system offline and rebuilding it again in a 鈥渃lean environment,鈥 she said. That鈥檚 why it took several days to get schools鈥 sites up and running again, she explained.

As of Jan. 10, schools are able to use the 鈥渂ulk鈥 of the company鈥檚 system, Delack said, and Finalsite is working to restore the remainder of its services.

Finalsite was able to figure out who hacked into its system and how they got in, Delack said. But she declined to identify the attacker or say whether the company鈥攐r its insurance provider鈥攑aid a ransom, citing the company鈥檚 ongoing investigation into the incident. She was also unable to share specifics on any next steps for possible legal action.

The investigation also prevented her from immediately sharing details about what Finalsite will do differently to protect itself and its clients going forward, she said. But once the inquiry is concluded, 鈥渨e do fully intend on being as open as possible with our clients and the public about what we have learned鈥 without compromising data security, Delack said.

An official in one district who Levin spoke to was frustrated that the district initially learned its site was offline through a website called 鈥淒ownDetector鈥 and not from Finalsite itself.

Not letting districts know right away that their websites were down because of an attack was a misstep on Finalsite鈥檚 part, Delack said.

鈥淥ne area that we certainly have learned from the moment the websites went down universally, we should have sent a communication and we didn鈥檛 and we fully admit that that was not the right thing to do,鈥 she said.

She said the company let its clients know about the attack once officials in the organization had time to connect and get a better sense of the problem. And since then, she said, the organization has been in regular touch with its clients, including providing a template for sharing information about the attack with parents.

鈥淲hile there are some that have been dissatisfied with our response, there are dozens of others who are directly emailing us and publicly sharing their satisfaction with how we鈥檝e handled the issue at hand,鈥 Delack said in an email.

The incident 鈥渞eally highlights the importance of schools and districts knowing what the responsibilities of their vendor community are,鈥 McLaughlin said. When buying services from a vendor, school districts should be sure they understand whether the company is backing up its systems and data. And they should know the vendor鈥檚 plan for restoring service in the case of an outage.

What鈥檚 more, in this particular case, school districts relying on Finalsite for webhosting needed to make sure they had a back-up communications plan, McLaughlin added. The flow of information from central offices to the public can be disruptedby a lot more than ransomware鈥攖here are floods, natural disasters, widespread power-outages, and other factors that can get in the way, too.

鈥淎nytime you have a dependency for communications, you need to have an alternative,鈥 McLaughlin said.

Related Tags:

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Reading & Literacy Webinar
Literacy Success: How Districts Are Closing Reading Gaps Fast
67% of 4th graders read below grade level. Learn how high-dosage virtual tutoring is closing the reading gap in schools across the country.
Content provided by 
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Artificial Intelligence Webinar
AI and Educational Leadership: Driving Innovation and Equity
Discover how to leverage AI to transform teaching, leadership, and administration. Network with experts and learn practical strategies.
Content provided by 
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
School Climate & Safety Webinar
Investing in Success: Leading a Culture of Safety and Support
Content provided by 

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide 鈥 elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

Privacy & Security Download A Tip Sheet to Help Teachers Prevent and Respond to Doxxing
Teachers can be a target for malicious actors. Use this tip sheet to prevent and respond to doxxing.
1 min read
Image of digital safety against doxxing and privacy invasion.
Laura Baker/澳门跑狗论坛 via Canva
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For Schools And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by 
Privacy & Security What Schools Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
E+
Privacy & Security Civil Rights Groups Seek Federal Funding Ban on AI-Powered Surveillance Tools
In a letter to the U.S. Department of Education, the coalition argued these tools could violate students' civil rights.
4 min read
Illustration of human silhouette and facial recognition.
DigitalVision Vectors / Getty