IBM Expands Cybersecurity Grant Program to Help K-12 Institutions Battle Ransomware

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Often under-resourced from an IT perspective and possessing a wealth of valuable personal data, educational institutions are prime targets for ransomware.

• With incidents against K-12 school systems rising dramatically, IBM is looking to help districts mount a better defense through its cybersecurity grant program.

The number of ransomware incidents levied against educational institutions is soaring. K-12 school systems in particular have suffered a brutal few years. To help mount a better defense, IBM is again offering cybersecurity support to public school districts in the US and a number of other countries.

After providing $3 million in grants to school systems in 2021 to bolster security postures, IBM is raising its game with an additional $5 million in security services and technology. The grant money will be split among ten school systems in the US. For the first time, IBM will offer additional grants to school systems in Brazil, Costa Rica, Ireland, and the United Arab Emirates.

During the COVID-19 pandemic, school systems which had overwhelmingly moved to virtual learning models saw a spike in ransomware demands. The non-profit research institute K-12 Security Information Exchange reported ransomware is now the most commonly reported type of cyber incident disclosed by school districts. In 2021, the K-12 Security Information Exchange recorded 62 cases of ransomware demands made against US public K-12 school districts in 24 states.

The threat of ransomware is not exclusive to the US. IBM Security X-Force noted in a recent report that ransomware attacks targeting educational institutions more than doubled from 2020 to 2021. The attacks continue seemingly unabated.

Chicago Public Schools disclosed that identifying information for 495,000 students and 56,138 staff members had been breached when a third-party provider, Batelle for Kids, fell victim to a ransomware attack. Though the incident took place in late 2021, the school system was not notified until March 2022.

As alarming as the number of ransomware incidents is, it is the sheer cost associated with these demands that really has school systems on high alert. While targeted school districts don’t usually disclose whether and how much they paid in ransom, some do reveal the costs. A school system in Texas last year paid $547,000 to safeguard personally identifiable information.

And the ransom isn’t the only expense associated with an incident. The K-12 Information Exchange said in its report that Baltimore County Public schools incurred $9.7 million in mitigation expenses related to the 2020 Ryuk ransomware attack. The Buffalo School Board in New York granted a request for $9.7 million to hire outside security experts for remediation work following a March 2021 ransomware attack.

The IBM grant program, which is a byproduct of IBM’s Corporate Social Responsibility initiatives, will be dispersed through IBM Service Corps team hours and other resources. The teams will focus on updating operating systems and software, training staff and students, as well as developing and executing communications and response plans.

US-based K-12 public school systems can apply for IBM’s education cybersecurity grant through this portal: IBM is accepting applications through June 21st.

What do you think?

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.