Nov 16, 2021

K-12's decade-old cyber guidance needs updating, watchdog says

Specifically, the GAO’s two recommendations for the Department of Education are that the secretary of education meet with the director of CISA to develop updates to the sector-specific plan for education, with a focus on assessing and prioritizing the federal role in helping K-12 schools respond to and prevent cyberattacks.
2020 was a “record-breaking” year for cyberattacks against U.S. schools, due in part to the pandemic-driven transition to remote learning, according to the K-12 Cybersecurity Resource Center. Last year, there were 408 publicized incidents, marking an 18% increase over 2019.
The sector has experienced an estimated 1,180 cyber-related incidents since 2016.
In October, President Joe Biden signed the K-12 Cybersecurity Act into law, requiring CISA to study the K-12 sector’s cybersecurity needs to develop tools and guidance for school districts. Other proposals, like the Enhancing K-12 Cybersecurity Act, have also sought new resources from CISA and called for additional funding for a K-12 Cybersecurity Technology Improvement Program.
“What we are really hoping for is a deeper analysis of some of the systemic and structural challenges facing schools in trying to defend against these risks,” as opposed to more federal guidance, Doug Levin, national director of K-12 Security Information Exchange, told K-12 Dive in October.
K-12 schools have become a particularly popular target for ransomware attacks, in which malware locks sensitive data behind a wall and a ransom is demanded from the victim. In some instances, school districts have caved and paid these ransoms. The average amount demanded in ransomware attacks across industries is $570,000, according to GRC World Forums.
There are, however, a number of steps K-12 districts can take to avoid worst-case scenarios from cyber threats. For instance, organizations like the K-12 Security Information Exchange offer self-assessments to help schools identify and overcome vulnerabilities. Standards developed by the organization suggest, as a baseline:
Other suggestions experts have shared with K-12 Dive include using stronger, hard-to-guess passwords and adopting tools that require multi-factor authentication in sign-on processes.