IBM rolls out $3M grant program for schools to defend against cyberattacks

IBM on Thursday announced a $3 million grant program that is expected to go toward protecting K-12 schools against ransomware and other cyberattacks, which have increased significantly as classes moved to online instruction amid the COVID-19 pandemic.

The grant program will be awarded to six public school districts across the U.S., with each district getting $500,000. School districts have until March 1 to apply for the grants. Six to 10 IBM volunteers will be deployed to each of the winning districts to help implement cybersecurity initiatives.

“Schools will be awarded that grant and they will receive the contribution in the form of an in-kind funding through services performed by IBM’s service core teams,” Chris Scott, the director of Security of Innovation within IBM’s Office of the CISO, said during a virtual event hosted by IBM on Wednesday ahead of the announcement. “These volunteer services are going to be aimed at helping to improve school cybersecurity postures.”

Scott said the services included implementing cybersecurity training, updating incident response plans and improving coordination in the event of a cyberattack.

“Ransomware attacks on schools have become the new snow day for students,” Scott said in a separate statement. “Stay-at-home orders, and the switch to remote learning, have changed the focus for cyber criminals looking for easy targets as everyone from kindergartners to college professors have adopted remote technologies.”

Schools nationwide have faced a massive uptick in ransomware and other cyberattacks during the course of the pandemic, as cyber criminals have increasingly viewed online classes as an easy target for ransomware attacks. 

These attacks, which have also hit hospitals hard during the pandemic, involve the attacker encrypting a network and demanding payment to return access, with school districts faced with the choice of paying the fee or paying far more to replace their equipment and recover from the attack. 

“What are the hackers looking to gain? It’s really a simple one word answer: money,” Herbert Stapleton, the section chief of the FBI’s Cyber Division, said during the Wednesday event. 

The FBI has been involved in investigating cyberattacks on schools. In December, it put out a joint advisory with the Cybersecurity and Infrastructure Security Agency (CISA) warning that hackers were increasingly viewing online K-12 classes as “targets of opportunity.”

“This is just a blatantly financially motivated enterprise and there is not really a lot of concern on the part of the criminal actors about what the damage is, whether that’s damaging public schools or hospitals or any other sort of pieces of critical infrastructure of our society,” Stapleton said. 

IBM and Morning Consult also released a study in conjunction with the grants on the impact of cyberattacks on K-12 institutions over the past year. 

The study surveyed 1,000 educators and administrators and found that almost 60 percent were not sure they had ever received cyber training for the move to remote learning. More than half said their limited budgets was a barrier to instituting these trainings. 

Despite escalating cyberattacks — which negatively impacted classes in school districts in Miami-Dade County, Fla., Baltimore County, Md., and Fairfax County, Va., among many others over the past year — around half of those surveyed did not express concern over their own institutions being attacked. 

“It’s a viable business model to collect what might be considered lower ransoms, certainly lower to the criminals, maybe not so much to the victims, they are trying to extract every last penny they can extract from the victims,” Stapleton warned on Wednesday. 

IBM is not the only group to address escalating cyberattacks. CISA announced a new public awareness campaign last month specifically focused on protecting K-12 institutions from ransomware attacks.

A coalition of cybersecurity and tech groups including Microsoft, FireEye and McAfee have also banded together to form a ransomware task force to create a roadmap to help schools, hospitals and other critical institutions defend against these attacks.