Cloquet School District Director of Technology T.J. Smith said Internet attacks were somewhat of a rarity when he started back in 2017. Now, Smith says 75 percent of his day is spent dealing with and preventing attacks in what's become a common thread shared among school districts.
"It is something that we're experiencing in all districts," Smith said. "I know people that work in other facets of government service and the private sector, and we're all seeing the same thing — it's just that the cyber attacks are increasing in frequency and they're increasing in complexity."
Back in March 2016, the Cloquet School District was forced to shut down for a day to deal with a malware attack on its servers. Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. The incident was believed to be the state's first case of an online attack forcing a school to close.
"It was rare that you heard about these things happening to schools ... Now, it's almost once a week that we're getting news that a school got hit with a cyber attack," Smith said.
"I'm actually sitting here chatting with Bard (Google's AI). Bard has a list of almost 100 schools that have been hit in the year 2023. It really has just ramped up. It's crazy to see it happen," he went on to say.
Smith's sentiments were echoed by Brandon Lee, who serves as a Sales Manager for CITON Computer Corp., a managed service IT company contracted by the Carlton School District in lieu of a tech director.
"I don't know if I can say that it's expanding exponentially, but it sure feels like it," he said of the threats. "Two to three years ago, you didn't hear nearly as often customers calling in and saying we just had this happen, we just got phished or somebody just tried to get in, or somebody's in our network, do something about it or whatever. That type of stuff didn't really happen as often."
In April, the Rochester Public School District was forced to close for a day and shut down its district-wide Internet connection in response to unusual activity discovered on its technology network, according to the district website.
The threat was later deemed to be a ransomware attack, which is a type of malicious software designed to block access to a computer system until a sum of money is paid.
A similar attack was perpetrated on the Minneapolis School District just two months earlier in which data from the district was stolen and held for $1 million ransom. According to a story by Axios, the data containing sensitive student information and district finance data was shared by the hacker group Medusa, which claimed responsibility for the attack.
The two attacks follow a nationwide trend when it comes to the increased use of ransomware by hackers. According to the Multi-State Information Sharing & Analysis Center's Quarterly Threat Report, quarter one of 2023 saw a 36 percent increase in the number of ransomware attacks compared to quarter four of 2022. The frequency of attacks has grown 56 percent overall from the first quarter of 2022 to the first quarter of 2023.
The growing threat has caught the attention of local lawmakers, as the Minnesota House recently passed a $2.2 billion omnibus education bill that allocated $35 million for student safety and online security measures via the Safe Schools Revenue Program. The funds will go towards updating computer hardware and software, along with other system upgrades and cybersecurity insurance costs, according to the Minnesota State Legislature.
According to Smith, the additional resources are sorely needed to help districts pay for newer, more advanced antivirus software capable of preventing the increasingly elaborate attacks.
"We have to get antivirus that's equally sophisticated, and so the new type of antivirus is called E.D.R. (Endpoint Detection Response)," he said. "It's antivirus that uses machine learning to analyze behavior on computers to then detect when things are amiss and then instantly respond to that scenario."
The implementation of EDR antivirus software is just one of many ways the district is striving to combat online threats. In addition to removing staff members' emails from the district website to limit phishing attacks, Smith said the network itself has undergone major changes as well.
"We've actually gone through and redesigned our network topography to limit lateral movement between the networks, and so essentially what that means is I'm making it a lot harder for a hacker to get on one computer and then go to another computer in a different building," he shared.
Smith, who served 20 years in the U.S. Army and was deployed in Iraq for one year as a Convoy Escort Team leader, compared the constant need to evolve in the world of online security to his experience of finding ways to protect his team members from improvised explosive devices in Iraq.
"The enemy would come up with a new way to detonate an IED, and then we would come up with a way to stop it ... and so on and so forth," he said. "And this is the same exact way the hackers are coming up with new and innovative ways to get into our systems, and then we have to adjust and change the way that we do business in order to mitigate those the best that we can."
When asked about possible solutions to this growing problem, Smith identified adding specialized IT staff before acknowledging that further cybersecurity funding is a challenge given the financial constraints faced by districts.
"Ultimately, the best thing that we can do is have additional funding for more personnel so we can hire somebody who has gone to college for cybersecurity," he said. "So for me personally, everything that I'm learning and having to learn (is) on my own and in real-time combating the hackers — there's people that go to school for this, and I would love to have one of those people on my staff."
In lieu of funding for additional personnel, many districts and companies in the private sector alike are mandating security awareness training to prepare their employees for phishing attacks.
The training may also include annual "tests" with mock phishing attempts sent via email, a practice utilized by Cloquet as a way to encourage vigilance.
"One of the most common ways for a bad actor to get into a business's IT environment is through people. It's probably considered the weakest link," Lee said. "And phishing is becoming such a skill for some of these people that they really can get people that aren't ready for it."
©2023 The Pine Journal (Cloquet, Minn.). Distributed by Tribune Content Agency, LLC.