The Cybersecurity and Infrastructure Security Agency released a report on Tuesday outlining a variety of steps K-12 schools and districts should take to improve their cybersecurity practices, amid rising attacks. of ransomware and other digital threats targeting primary and secondary education institutions across the country. .

The report offered three voluntary recommendations to help schools strengthen their cyber defenses, including investing in the highest-impact security measures and developing a “mature cybersecurity plan,” identifying and addressing resource constraints, and focusing on “collaboration and information sharing”.

The CISA report highlighted individual steps schools could take to achieve these recommendations, such as implementing multi-factor authentication to secure online accounts and data, developing a Cyber ​​Incident Response and Funding Research from the State and Local Cybersecurity Grants Program, and other similar programs. , to improve their cybersecurity practices.

“As K-12 institutions use technology to make education more accessible and effective, malicious cyber actors are working hard to try to exploit vulnerabilities in these systems, threatening our country’s ability to educate our children” , CISA Director Jen Easterly said in a statement. “Today’s report is a first step towards a stronger and safer cyber future for our nation’s schools, focusing on simple, high-priority actions schools can take to measurably reduce cyber risks.”

At least 45 US school districts suffered ransomware attacks in 2022, including a ransomware attack on the Los Angeles Unified School District last fall that leaked 500 GB of data stolen by hackers. While CISA said the total number of cyber incidents affecting K-12 schools “is impossible to reliably quantify due to a lack of consolidated data,” it added that “incidents reported between 2018 and 2021 are increased from 400 in 2018 to a cumulative total”. more than 1,300” in 2021.

The increase in cyberattacks targeting schools and districts has underscored the lack of available resources currently available to school administrators and educators to mitigate threats. CISA – which noted that it “organized and facilitated a series of listening and feedback roundtables with key stakeholder groups” to gather feedback for the report – said educators and school staff expressed specific concerns at the agency about the lack of staff and funding needed to adequately respond to cybersecurity challenges.

Participants in the listening sessions pointed to the “extreme disparity in the availability and funding of talent” in cyber risk management, as well as the fact that “most districts do not employ cybersecurity personnel full-time, and some smaller school districts may not even employ full-time IT staff. In cases where a school or district employed a cybersecurity professional, stakeholders noted that these employees “often do not have up-to-date training or experience, in part due to limited resources for professional development. “.

“We’ve learned that what the industry needs most are resources, simplicity and prioritization,” CISA said. “As a result, this report strives to cut through the noise and provide clear steps that are prioritized to help K-12 organizations implement the most effective cybersecurity controls first.”

CISA’s report was mandated by the K-12 Cybersecurity Act, which required the agency to “study the cybersecurity risks facing elementary and secondary schools and develop recommendations that include cybersecurity guidelines designed to help schools.” to deal with these risks. Legislation – presented by the senses. Gary Peters, D-Mich., and Rick Scott, R-Fla. – was signed into law by President Joe Biden in October 2021.

In a statement, Peters called the report “an important step in helping K-12 schools across the country protect against cyberattacks that put student and staff personal information at risk.”

“K-12 schools are increasingly targeted by hackers, and this new resource from CISA provides easy-to-understand guidance on cybersecurity risks to schools that need it most.” , he added.

CISA has also released an online toolkit that expands on the report’s recommendations to help K-12 schools and school districts manage and reduce cyber risks, including providing links to resources. and free cybersecurity-related training for education professionals.

CISA called the report a “starting point” and said it would “continue to partner with the K-12 education community and work with technology vendors to encourage the provision of tools and free or low-cost security products that are secure by default and by design.”

Source link

Leave A Reply