School systems across the country are high-value targets for cybercriminals. They manage vast networks of devices, house sensitive personal data, and run on budgets that rarely stretch far enough to support full-scale security programs.. And as ransomware campaigns increasingly target education, the stakes are high.
North Carolina faced this challenge head-on. With 1.3 million+ devices spread across 343 school districts and only a handful of IT staff, the state had to find a way to see and secure everything without overwhelming its limited defenders. By partnering with runZero, they built a scalable exposure management program that offers lessons any organization (public or private) can apply.
Lesson 1: You can’t defend what you can’t see #
School networks don’t just include laptops and desktops. They span HVAC systems, security cameras, medical devices, legacy servers, even robot vacuums. Multiply that across hundreds of schools, and the sprawl becomes complicated to track, as traditional tools and scanners leave dangerous blind spots.
To address this challenge, North Carolina’s K-12 school district rolled out runZero’s agentless discovery and instantly surfaced millions of IT, OT, and IoT assets without installing agents or disrupting classrooms. From cloud-based systems to aging servers in back rooms, defenders finally had a map of their terrain.
No matter your sector, you can’t defend what you don’t know exists. You must always start with a reliable, comprehensive asset inventory. Otherwise, your defenses rest on guesswork.
Lesson 2: Lightweight solutions scale further #
The challenge: Heavy, agent-based solutions aren’t realistic for schools with limited staff or time. If a tool takes constant babysitting, it won’t get used.
North Carolina’s approach: Agentless discovery eliminated that burden. Local IT teams didn’t need to manage agents or deal with compatibility issues. The program scaled seamlessly across hundreds of districts, running quietly in the background while producing actionable visibility.
Lesson for any organization: Adoption is everything. Tools that are lightweight and easy to deploy will deliver value where heavyweight options fail. Whether you’re defending 300 schools or 30,000 employees, simplicity is the key to scale.
Lesson 3: Centralized Visibility Enables Small Teams to Act Big #
The challenge: A single ransomware attack in one district could ripple across the state. With only a small group of staff overseeing hundreds of school networks, siloed visibility was a recipe for missed signals.
North Carolina’s approach: By aggregating exposure data into a statewide operating picture, a small team could coordinate response across hundreds of networks. Instead of firefighting one incident at a time, they could see systemic risks, prioritize critical exposures, and act quickly across the board.
Lesson for any organization: Centralization amplifies the impact of lean teams. Shared visibility enables defenders to coordinate, spot patterns, and move faster — no matter how small the staff.
Lesson 4: Legacy systems are the rule, not the exception #
The challenge: Schools depend on specialized hardware and applications that can’t always be upgraded on schedule. Unsupported operating systems and older devices were everywhere, creating an unavoidable layer of risk.
North Carolina’s approach: Instead of ignoring those systems, the state treated them as a core part of the risk landscape. By identifying legacy devices, tracking exposures, and applying compensating controls, they reduced risk while keeping classrooms running.
Lesson for any organization: Every environment has “undead” systems. Hospitals, manufacturers, and retailers face the same reality. Pretending they don’t exist only worsens the problem. Acknowledge them, monitor them, and build security around them.
These challenges are universal #
School systems may feel unique in their resource constraints, but the truth is, most organizations are in the same boat. Budgets are tight, teams are small, and threats move fast. North Carolina’s statewide program shows that scalable, lightweight visibility can empower even the leanest teams to defend massive networks.
The lessons are simple but powerful: start with visibility, scale with lightweight tools, centralize your view, and don’t shy away from legacy.
Join the conversation #
On October 21 at 10AM PT / 1PM ET, Samuel Carter of the Friday Institute and runZero’s Tod Beardsley will walk through North Carolina’s program and how they used runZero to help improve their security posture. Register now and read the in-depth case study ahead of time!
