IBM is again offering cybersecurity support to public school districts in the US and several other countries to stave off ransomware demands. After providing $3 million in grants to kindergarten through 12th grade school systems in 2021 to bolster security postures, IBM is raising its game with an additional $5 million in security services and technology. The grant money will be split among ten school systems in the US. For the first time, IBM will offer additional grants to school systems in Brazil, Costa Rica, Ireland and the United Arab Emirates.
During the Covid-19 pandemic, school systems which had overwhelmingly moved to virtual learning models saw a spike in ransomware demands. The non-profit research institute K-12 Security Information Exchange reported ransomware is now the most commonly reported type of cyber incident disclosed by school districts. In 2021, the K-12 Security Information Exchange recorded 62 cases of ransomware demands made against US public K-12 school districts in 24 states.
The threat of ransomware is not exclusive to the US. IBM Security X-Force noted in a recent report ransomware attacks targeting educational institutions more than doubled from 2020 to 2021. The attacks continue seemingly unabated.
Chicago Public Schools disclosed that identifying information for 495,000 students and 56,138 staff members had been breached when a third-party provider, Batelle for Kids fell victim to a ransomware attack. Though the incident took place in late 2021, the school system was not notified until March 2022.
The cost of ransomware demands
As alarming as the number of ransomware incidents is, it is the sheer cost associated with these demands that really has school systems on high alert. While targeted school districts don’t usually disclose whether and how much they paid in ransom, some do reveal the costs. A school system in Texas last year paid $547,000 to safeguard personally identifiable information.
And the ransom isn’t the only expense associated with an incident. The K-12 Information Exchange said in its report that Baltimore County Public schools incurred $9.7 million in mitigation expenses related to the 2020 Ryuk ransomware attack. The Buffalo School Board in New York granted a request for $9.7 million to hire outside security experts for remediation work following a March 2021 ransomware attack. The IBM grant program, which is a byproduct of IBM’s Corporate Social Responsibility initiatives, will be dispersed through IBM Service Corps team hours and other resources. The teams will focus on updating operating systems and software, training staff and students and developing and executing communications and response plans.