
The Cliffs Notes Version to Addressing the Ransomware Threat at Schools

It's back to school time: for teachers, students…and cybercriminals.

While pupils will be back churning out papers and cramming for exams, IT personnel working at K-12 schools, as well as colleges and universities, face their own stern assignment: fighting off the wrath of cybercriminals.

One threat in particular - ransomware - has moved to the forefront across all sectors, including education.

Last fall, the U.S. Department of Education warned of a spike in cyber extortion threats. And earlier this year, the FBI issued an alert about an active campaign targeting schools that involved a malicious hacker group stealing sensitive data records and threatening to make them public unless a payment was made.

An abundance of unsecured endpoints connecting to the web (especially a problem on college campuses) and large amounts of sensitive data being stored on devices and across networks - combined with lenient policies and limited security skills and budget in the IT department - make schools a ripe target for digital attacks, including ransomware.

If you're unfamiliar with dealing with the ransomware threat - and that's okay if you are because it is a tough one to defend against - here is a freshman orientation, of sorts, on how to help prevent, detect and respond to this continuing risk. The advice can also extend to other types of cyberattacks.

Assess Your Risks and Prepare for an Incident

In the same way that students don't (usually) just wing a test without studying and expect to ace it, you need to come prepared and take the fight to your adversaries. That means assessing your risk (and that of your suppliers), knowing where your data lives, establishing visibility on your network and having an incident response plan in place.

Identify Vulnerabilities and Patch

Cybercriminals often turn to software weaknesses to distribute ransomware through phishing emails and exploit kits, so you should operate a vulnerability program that emphasizes discovery (scanning and penetration testing) and prioritizes patching.

Educate the User Population

Students and staff are typically the ones who will invite in ransomware; as such, policies and enforcement regarding equipment usage and access controls are necessary. Exercises like phishing simulations are effective, but be careful not to just ram rules and education down your user base's throats. Learn about them and their tendencies - and give them "responsible, honest and compassionate advice." The ultimate goal is to build a culture of security, where data safety hygiene is inherent to all digital activities.

Deploy Endpoint Defenses

Since most attacks begin when a single computer is compromised, endpoint protection is worth embracing. Consider moving beyond traditional anti-virus and intrusion prevention systems to also include suspicious activity monitoring and response capabilities - all of which can help limit the extent of an incident and prevent a future one from occurring. Most good endpoint detection and response (EDR) products identify ransomware immediately, based on the combination of malicious behaviors it exhibits, and suspend the encryption process before it can hold files hostage, let alone move laterally across the network.

Have a Backup and Recovery Process

This is the most recommended technology practice to limit the blow of ransomware attacks. Conduct regular backups and store the backups offline. If an incident occurs, you'll be able to revert to the last clean system copy and return close to business as usual. Most of all, backups will serve as a firm deterrent to paying the attacker's ransom demands - which, by the way, never guarantees that they will release control of your data anyway.

Now let's get going. We've got some homework to do!

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
