SKSD continues efforts to strengthen cybersecurity

By Elisha Meyer Port Orchard Independent • March 12, 2024 1:30 am

With a commonplace reliance on technology in the modern classroom, the South Kitsap School District is taking increased precautions to deter cyberattacks and data breaches.

SKSD director of information technology services Derry Lyons said recently that cyberattacks targeting students in the K-12 age group are on the rise, describing the young demographic as a “ripe market” for those looking to harvest data by ill means.

Lyons said from the mindset of an attacker it’s “because if I can compromise a student data record, it’s nice and pristine and has no credit history, (has a) birthdate, mother’s maiden name, maybe social security number… How long is it going to take before somebody finds out I’ve stolen it?”

The risk of compromised student and employee data associated with ransomware attacks and the like have forced some school districts into the black for days if not weeks. The Edmonds School District was forced offline after a cyberattack in early 2023 left the personal information of select staff, students and parents vulnerable for weeks. Thousands of confidential pieces of information were accessible to the attackers, though the true numbers of victims may never be known.

“The details were often unclear, but it definitely had a large impact,” Lyons said, adding Edmonds was “offline for a few weeks while they got things cleaned up.”

Attackers go after the big districts, too, such as the 2022 breach of the Los Angeles Unified School District in California.

Lyons told the SK school board March 6 he’s not trying to scare anyone, just telling the unfortunate truth of the modern day. “I do not want to have to come back and talk to you again when there is a big, black cloud over my head if something happened.”

SKSD continues to take precautions so it won’t become the next victim. Multi-factor authentication in the district is being finalized and rolled out to staff, a requirement from the state Risk Management Pool to reduce off-site cyberattacks. Endpoint protection that detects malware and browser history activity and strong backup processes are also required.

An upgraded spam filter is also being utilized to turn away suspicious websites and email. Lyons noted that up to 85% of emails sent to the district can be classified as spam or malware. “Whenever I get somebody that’s frustrated with the spam filter where it’s blocked or this didn’t get through…it’s more of an art than a science. Try to look at it and go, ‘Is this really legitimate?’”