Photo: The Canadian Press

The Kamloops-Thompson school district says it's keeping pace with best security practices as B.C. school districts face a rising number of cyber attacks.

In a letter to the province's school districts, Minister of Post-Secondary Education and Future Skills Lisa Beare stressed the importance for districts to follow industry standards, recommended cybersecurity practices and secure their networks amidst a rise in threats.

"Actors such as foreign governments, organized cyber-crime groups, activists, and terrorists are increasingly using a variety of techniques to steal or destroy government-held information, interrupt critical public services, or target physical infrastructure to achieve financial, geopolitical, or ideological objective," she wrote.

Beare said four school districts in B.C. had been targeted in cyber attacks between March and November of last year. Three of them were ransomware attacks.

“Evidence suggests that these bad actors will continue to target school districts in B.C. and exploit system vulnerabilities to gain access,” Beare said.

In a statement to Castanet Kamloops, SD73 said it is committed to cybersecurity and it regularly evaluates and adjusts its practices to meet required standards.

The district said it works with the province to do ongoing training about technologies and practices that keep pace with the privacy and security landscape.

“We have a team who understands and educates all levels of our organization about cybersecurity practices,” SD73 said.

“While plans are adjusted regularly to meet privacy criteria, it is necessary not to publish details of cybersecurity pans to retain security.”

'Low risk, high reward'

Last year, cyber attacks hit B.C. organizations hard, including the Okanagan-Skaha and New Westminster school districts, health organizations like the First Nations Health Authority of B.C. and retailers including London Drugs.

Musfiq Rahman, associate professor and chair of computing science at Thompson Rivers University, said school districts can be prime targets for ransomware attacks because of the large caches of student and employee data they store that can be held for ransom, and security systems that are often outdated or lacking.

He said if hackers are able to shut down access to a service, like student computers, a school district may be more obliged to pay the ransom because of the large number of people being affected by the blackout.

“It’s low hanging fruit — easy to target and then get the maximum out of it,” Rahman said.

He said cyber attacks are on the rise across the board because systems are getting more complex, creating more entry points for a potential hacker to breach.

“Because we are sharing our data information with multiple systems, not all system have the same level of security,” Rahman said.

“It becomes easier to get into the system through that vulnerable or weak system that we are using, and the dependencies are increasing every day.”

He said it's important for school districts to have a recovery plan in the case of an attack, to regularly backup and maintain their systems and to properly invest in cybersecurity infrastructure.

Rahman called it a “cat and mouse race” in which cybersecurity specialists need to always be ahead of potential attackers and their methods of attack.

But there’s no guaranteed method of warding off hackers.

“It's a matter of when, not if it will happen,” Rahman said. “It could happen to any school district, so if they are ready and prepared — that is the way to go.”