Reports of security flaws in US K-12 schools by the US government's Cybersecurity and Infrastructure Security Agency (CISA) are not good news.
The study, Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats, and its accompanying digital toolkit cover American school children aged 5 through graduation around age 18. The study concludes that K-12 organizations suffer from problems such as a lack of resources, clarity and prioritization of IT security needs.
To address these issues, CISA encourages all K-12 school districts to invest in solutions to their most serious security shortcomings, identify and address resource constraints, and build collaborative threat-sharing networks.
Throw in some cybersecurity best practices and you’ll likely run into some version of the same problem or solution in other areas. But educators must absorb these funding shortfalls, as NIST said schools are “the most important institutions for the future prosperity and strength of the United States.”
Another Problem in American Schools
In its report, CISA says cyber threats to schools continue to escalate, rising from 400 in 2018 to 1,300 in 2021. Victim of last year’s cyber security incident.
The U.S. Government Accountability Office independently reported last year that learning losses from cyberattacks ranged from three days to three weeks, with monetary losses reaching $1 million per victim. The GAO said phishing, ransomware and DDoS attacks were the most common problems, but trolls disrupting video conferencing have also increased since the pandemic.
There are many examples of attacks on educational institutions, such as the ransomware attack that destroyed a university last year and the 2021 ransomware attack on Chicago public schools that exposed the records of 500,000 students and faculty.
Attacks targeting U.S. schools have become so serious that the FBI, CISA, and MS-ISAC issued a joint advisory last September, warning that the Vice Society threat group appears to be selecting the U.S. education sector as a target.
“School districts with limited cybersecurity capabilities and limited resources are often the most vulnerable,” the trio wrote in their advisory.
In other words, most schools in the country fall into the “most vulnerable” category, as defined by the CISA report.
Can it be easily improved with a familiar fix?
While there are many differences between private companies and schools, the solutions to security shortcomings in the education sector are no different than those previously recommended by CISA.
For example, CISA’s high-priority fix starts with something we’ve all heard about: implementing MFA. CISA then said schools should address known security flaws and run and test backups. Schools should then minimize exposure to common attacks, develop and rehearse incident response plans, and finally build training and awareness campaigns at all levels.
To address resource constraints, CISA said the security burden should be minimized: it encourages schools to apply for CISA and FEMA state and local cybersecurity grant programs, take advantage of free security tools, rely more on technology providers, and reduce on-premises services.
Resource sharing can be done by joining organizations like MS-ISAC and connecting with local CISA and FBI cybersecurity officers, CISA said.
Finally, one well-known piece of advice is contained in the “Cautionary Notes” that CISA issues in its reports.
According to the agency, “Leaders must establish and strengthen a cyber-secure culture. Information technology and cyber security personnel alone cannot carry the burden,” repeating the same advice that applies to everyone.