The group encrypted the district’s data and demanded a $40 million ransom to decrypt it. Marinos cited a school district in Florida that was targeted by a criminal group in March. These attacks can carry a high price tag. “In other cases where we’ve seen entities have to rush to put forward technology, cybersecurity often can be an afterthought or something that might not get attention until, unfortunately, an attack or an incident occurs.”
“The efforts that the schools had to go through last year to convert from in-person to virtual learning put a lot of strain and stress on the technology services that they either had or they needed to acquire very quickly,” said Nick Marinos, a director on the GAO’s Information Technology and Cybersecurity team in an interview with Watchdog Report, the GAO’s podcast. That’s been particularly true during the COVID-19 pandemic, which forced schools to switch over to online learning at lightning speed. Since 2010, when the plan was last updated, K-12 schools have dramatically ramped up their use of education technology, leaving their systems more vulnerable to threats. Department of Education’s more-than-a-decade old plan to help protect schools from digital threats needs a rethink, as cyberattacks rise and new threats emerge, concludes the Government Accountability Office, Congress’ watchdog arm, in a report out this month.