Each year, hundreds of K-12 schools in the U.S. alone experience cyberattacks, including 408 schools that publicly disclosed them in 2020, up 18% from the previous year, according to the K-12 Cybersecurity Resource Center.¹
Fulton County Schools, the fourth-largest school system in Georgia, has learned just how valuable it is to put a top-notch security system in place. To defend against threats, Dr. Emily Bell, Fulton County Schools’ Chief Information Officer (CIO), implemented robust planning that involved educating and communicating with school leaders and staff about cybersecurity. Microsoft resources were a part of their well-rounded cybersecurity strategy.
“As a Chief Information Officer, it is incumbent upon me to make sure that my leadership is aware of our cybersecurity incident response process,” said Dr. Bell. “I also want to educate district leaders on our cyber insurance coverage and what that means.”
Fulton County Schools relied on Microsoft Defender for Office 365 to keep all its devices and technology safe and secure, and to help prevent disruptions to student learning.
Microsoft solutions addressing cybersecurity concerns
Bad actors are constantly looking for vulnerabilities in educational IT networks. So, Fulton County Schools’ leaders knew that choosing a security system reliable enough to cover its large network of 95,000 students and 107 schools was crucial. They had tried other tools and systems but realized they needed more. After evaluating the Microsoft 365 A5 educational license security capabilities, they decided to use it across the district to monitor, detect, and mitigate potential threats.
Microsoft Defender, which is included in the A5 license, protects all Office 365 applications against advanced threats. It also includes the tools to address cybersecurity risks from ransomware, malware, phishing, and compromised credentials. Distributed denial-of-service (DDoS) attacks are also a main concern in Internet security because they try to disrupt the normal traffic of a server, service or network by using a flood of Internet traffic to overwhelm it or its surrounding infrastructure. Given these high-level benefits, Dr. Bell knew that Microsoft security would provide a complete solution, so the district put it into place.
How a possible threat showed the strength of Microsoft tools
A recent occurrence highlighted just how important and useful Microsoft security tools were to Fulton, as well as the need for ongoing communication with leadership if a threat gets reported.
That’s exactly what happened at Fulton. A threat was reported to the district superintendent at the same time as it was reported to Dr. Bell.
To reassure district leadership, including the superintendent, Dr. Bell and her team demonstrated how situations are handled behind the scenes at the appropriate level of urgency based on assessed risk. This helped to instill confidence in how Fulton addresses the kind of threats that schools across the country inevitably get in the age of the Internet.
Dr. Bell showed leadership that within a single 30-day period alone, they had seen 39 ransomware attempts, all contained and eradicated; 712 malware attempts, all blocked; 983 compromised credentials, mitigated by automated disabling of accounts; and 254,255 phishing attempts, of which nearly 89% were not delivered. The success in preventing all these attempts was key to helping ensure that students could continue to learn without disruption.
“What was reported to the superintendent never even rose to the level of ‘incident.’ We had a report, then we found, contained, and eradicated the threat, and nothing came of it,” said Dr. Bell. “It turned out to be a fire drill for us.”
Identifying, containing, and eradicating threats
Because support from many departments is critical to keeping things running smoothly, Dr. Bell has also put together a task force of leaders from many departments to help mitigate risk around the clock.
Fulton also has an ongoing partnership with Forsyte I.T. Solutions, which helps Fulton deploy Microsoft’s advanced security features in the district’s Microsoft 365 A5 subscription.
Teams including the security partners and the task force follow specialized checklists developed to contain and eradicate each specific kind of risk. And once a threat is detected, the stages to address it include triage, containment, eradication, recovery, post-incident activities, and finally, closure.
Fulton’s task force and partnerships now help to foster communication and understanding, so when a department is impacted everyone who needs to know is kept in the loop about the threat, how it may affect them, and what’s expected of them—avoiding unnecessary panic. Ultimately, all of these actions help prevent a threat from getting far enough along to take learning time away from students.
Although not every district is as large as Fulton and might not face as many cybersecurity threats, districts of all sizes are facing security disruptions. Having the infrastructure and bandwidth to avoid shutdowns and slowdowns is imperative in the service of keeping students on track with their educational progress.
“It's important for districts to have a cyber response plan and to educate their leadership on that plan, and perhaps create a cyber task force, because attacks happen every day,” said Dr. Bell. “Every district needs to evaluate their own risk and develop plans that are specific to their most likely cyberattacks.”