KnowBe4 Security Awareness Training Blog

Why School Districts are Targets of Social Engineering

Written by Stu Sjouwerman | Aug 5, 2019 10:56:36 AM

School districts are becoming increasingly popular targets for ransomware, with at least five of these attacks occurring in July, according to the New York Times.

The Governor of Louisiana declared a state of emergency on July 24th after three of its school districts fell victim to ransomware. Christina Stephens, a spokeswoman for the governor, told the Times that the three attacks shared similar characteristics. She added that the state is working to recover from the attacks before the beginning of the school year in early August.

“We’re operating as we would in any national disaster,” Stephens said. “We’re using the same kind of hierarchy that we use during hurricanes.”

Likewise, the school district of Syracuse, New York, was hit by ransomware on July 8th. The district said that its insurance provider would cover the cost, but the district will pay a $50,000 deductible. It’s not clear if the district decided to pay the ransom or not.

Another attack hit the Houston County School District in southeastern Alabama sometime in July, which forced the district to postpone the first day of school for two weeks. Superintendent David Sewell said that the computers still probably won’t be ready in time, so teachers will most likely be using pen and paper to take roll.

Keith R. Krueger, the CEO of the Consortium for School Networking told the Times that IT staff at primary and secondary schools are now ranking ransomware as their top fear. Dr. Eva Vincze from George Washington University said that schools are an easy target because they often can’t afford sophisticated defenses.

“Most school systems, especially in small communities, do not have the resources to keep up with each generation of threats that bad actors come up with,” Vincze said.

One of the best defenses against ransomware attacks is employee education. New-school security awareness training can complement your technical defenses by enabling your employees to thwart phishing attempts.

The New York Times has the story: https://www.nytimes.com/2019/07/28/us/hacker-school-cybersecurity.html

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page 
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer