In late August, Haywood County Schools was hit with a ransomware attack on the first day that elementary students were set to begin online instruction. The hackers gained access to the district’s computer systems and demanded money for the return of sensitive data, shutting down remote instruction in the district for a full week.
Haywood County is not alone — the attack was one of five ransomware attacks on North Carolina school districts in 2020. For comparison, only one district, Columbus County Schools, was attacked from 2016 to 2019. These attacks also impact community colleges, county governments, and other entities. In July 2019, a cyber attack shut down Richmond Community College.
As many students across the state engage in some form of remote learning due to COVID-19, cybersecurity is more important than ever. What is a ransomware attack, and what can schools do to guard themselves against one? We turned to Forsyth Technical Community College for answers.
What is ransomware?
In the simplest terms, Deanne Wesley, associate dean of the Davis iTEC /Cyber Security Center at Forsyth Tech, describes ransomware as a type of malware that threatens to publish a company or individual’s data from a computer. That data could be account numbers, social security numbers, or online banking information, just to name a few. The attack encrypts data so that it is inaccessible unless a ransom is paid.
“It threatens and it holds you ransom unless you pay so many dollars. Those dollars can be anywhere from $500 to millions of dollars,” said Wesley.
So, should the attacked pay the ransom to get their data back? Wesley says no.
“You’re still at the mercy of that attacker because you could pay it, they could release your data, you can get to it, but then what tells you that three years later, four years later, they won’t attempt it again?” she said.
That’s exactly what Haywood County Schools did — rather than pay the ransom, they brought in the National Guard and information technology (IT) experts from across the state to help them recover from the attack.
“I think this is going to continue to happen — with hospitals, with K-12 institutions, and with community colleges,” said Wesley. “But we all have to work together to ensure that we are protected, and we will not pay ransom to these malicious actors.”
What can be done to defend against ransomware attacks?
Janet Spriggs, president of Forsyth Tech, said she’s not sure people take ransomware attacks seriously until it happens to them. The attack on Richmond Community College last year served as a wake up call for many community college presidents.
Since then, Spriggs said the community college system has been focused on two things: 1) how to block cyber attacks and 2) what to do if an attack does occur.
One key thing Spriggs said she learned from the Richmond Community College attack is that the rebuilding process after an attack is not as simple as using a backup file.
“What we’ve been doing is trying to prepare our IT team at a college level to make sure first of all that we have all the safety nets put in to block the attacks from the outside,” said Spriggs. “But also to be able to … have a really good recovery plan in place where we have all the backups … in order for us to be able to recover.”
Wesley said various software packages are the first line of defense against cyber attacks, but that having one is not a guarantee that an attack won’t happen. It’s also important that software is regularly updated.
“You have to have the right staff and the number of staff you need to continually do the monitoring, the updating, the patching, the training, all of that,” said Wesley. “It’s not one thing. It’s a number of things; it’s a holistic package that makes this work.”
Training the next generation of cybersecurity experts
Defending against cyber attacks comes at a price. Spriggs said that dedicated funding for IT expertise and educational opportunities would go a long way to strengthen the defense of North Carolina’s community colleges. And those educational efforts could come from colleges within the system that have cybersecurity programs and expertise already.
Many of North Carolina’s community colleges offer cybersecurity programs — including Rowan-Cabarrus Community College, Wake Tech, Forsyth Tech, Durham Tech, Asheville-Buncombe Tech, Fayetteville Tech, and Sampson Community College.
Forsyth Tech, along with five other community colleges, is designated by the National Security Agency (NSA) and Department of Homeland Security (DHS) as a National Center of Academic Excellence (CAE) in Cyber Defense. The college is also the CAE Regional Resource Center for the central east region of the country — one of only 10 such centers in the U.S. Among other things, this designation means that Forsyth Tech works to improve the quality of cyber defense programs and provide a pipeline of qualified students.
“If we could have some funding to be able to provide educational opportunities for the other colleges, especially the smaller colleges who are not going to have the resources that the larger ones do,” said Spriggs.
In 2019, it’s estimated that businesses and individuals in the United States lost $3.5 billion to cybercriminals. For Spriggs, that figure emphasizes why it’s so important to have cybersecurity training programs, along with the people and funding the college needs to combat attacks.
“It’s crippling when it happens,” said Spriggs. “It can be devastating beyond words.”
Fayetteville Technical Community College is also working to strengthen the pipeline of cybersecurity talent. The Carolina Cyber Center and Fayetteville Tech are working together to create the Carolina Cyber Network, a talent development partnership to close the workforce gap in the cyber field in North Carolina. Stay tuned to EdNC.org for a forthcoming article on that effort.