Leveraging E-Rate funds for cybersecurity

When the Conti ransomware gang attacked Broward County Public Schools in 2021, it was clear that the criminals did not understand K-12 public schools. Americans invest hundreds of billions of dollars in public education, and school budgets are published online and made available for all to review. Conti demanded a $40 million ransom, which they were confident could be paid:

With 271,000 students, Broward is the nation’s sixth-largest school district with an annual budget of about $4 billion – a fact the hackers kept returning to as they demanded $40 million, to be paid in cryptocurrency.  …

“It is a possible amount for you,” the Conti gang said early in its negotiations with a district official …

“This is a PUBLIC school district,” the Broward negotiator replied. “You cannot possibly think we have anything close to this!”

After some negotiations, the Conti gang reduced the ransom demand to $10 million, which the district refused to pay despite threats that sensitive data would be leaked if demands were not met. That data was published on the Conti data leak website approximately six weeks later. The district operates a self-insured health plan, which brought HIPAA regulations into play. According to the HHS Office for Civil Rights, the breach was reported on Nov. 29, 2021, and affected 49,608 individuals.

Why schools are particularly vulnerable to cyberattacks

There’s no way for the public to know for certain how many schools have been victimized by cyberattacks. Any school or district can be targeted, and many of them will not disclose an attack unless required by law. Some schools that have disclosed ransomware-related data breaches were compromised due to an attack on a third-party vendor. These supply-chain attacks make the blast radius of an attack much larger. Research by Comparitech found that from January 2018 to May 2022 there were 4,278 schools and universities impacted by 270 individual ransomware attacks.

Public K-12 schools are particularly vulnerable to attack because they are in various stages of technology integration and pandemic-driven learning environments. Many school districts share technology services across one or more regional districts, and most have a supply chain of vendors for functions like food service, maintenance and custodial work, and transportation. Whether it’s a regional school district or a third-party service vendor, there is always a path from there back to the school data. 

How E-Rate funding can help

The federal E-Rate program can help schools get funding to better secure their networks. Although the program doesn’t specifically address cybersecurity, it does provide funding for network connectivity solutions that also provide security. Barracuda CloudGen Firewall is an E-Rate eligible solution that includes security features that defend against ransomware and other threats. A solution like this is one of the best ways for schools to leverage E-Rate funding for improved cybersecurity.

There are tens (and sometimes hundreds) of millions of E-Rate dollars that go unused each year. This could be due to mistakes on applications, tech project cancellations, or even a lack of awareness on how to use E-Rate to improve an existing network. Ransomware attacks are going to get smarter, better, and faster, so leaders should consider every opportunity to improve their defenses. E-Rate funds could provide such an opportunity if used on an eligible solution that provides security features.

Visit our website for more information on Barracuda solutions for K-12 and the security features of the E-Rate eligible Barracuda CloudGen Firewall.