K-12 Schools and the Increase in Cyber Attacks

All businesses have seen an increase in the number of cyber incidents and attacks, but K–12 has seen an exceptionally sharp increase. Further research found that among publicly reported instances, ransomware has become the leading threat. It is more important than ever to upgrade infrastructure and cybersecurity to prevent school districts from having to shut down for the duration of the ransomware recovery process, or, even worse, from having to spend astronomical sums of money to retain or retrieve sensitive data. Information sharing is a crucial defense that can be effective. Understanding ransomware attacks and their effects on other school districts is essential for assisting other organizations. Institutions will be able to fight cybercrime more effectively by remaining proactive rather than reactive.

We are all aware of how chronically understaffed and underfunded some school districts are, especially when it comes to cybersecurity. Cybersecurity hasn't been able to get high enough on the list of essential long-term educational goals to merit enough funding. Malicious actors frequently use widespread flaws in security measures, misconfigurations, and subpar procedures to obtain initial access to school networks. In many circumstances, districts can take relatively easy, inexpensive (or even free) actions to improve the security of their data, which will help prevent or at least lessen the damage.

Organizations can use a series of guidelines and other tools from the NIST (National Institute of Standards and Technology) Cybersecurity Framework to help them strengthen their cybersecurity. Resources are provided by the framework to assist users in risk identification, data and system protection, threat detection, incident response, and attack recovery. K-12 IT administrators can use advice and techniques to improve cybersecurity in their local district. The NIST Cybersecurity Framework contains voluntary guidelines, and schools are free to select the elements or actions that will work best for their settings.

Multifactor authentication in K–12 was met with a lot of opposition up until about a year ago. Although there is still some opposition, the idea is now being accepted by many districts and, more crucially, by administrative leadership. Not only is it one of the simplest and most effective things you can do to protect your school from an attack, but it's also required by most insurance providers offering cyber insurance to the education industry.

In cybersecurity, the human element is very important. It's not that workers who utilize IT systems are naive or careless by nature. But for most people, understanding cybersecurity is not instinctive. Training in secure system usage and continuing awareness of prevalent scams are necessary for good cyber practices. Users may avoid mistakes, improve the security of their credentials, handle sensitive information securely, and avoid social engineering attempts with the knowledge they gain from training.

For the time being, a district's priority should be to actively prepare for the likelihood of a ransomware assault and make sure it is aware of the potential damages. In the meantime, appeals for more federal assistance to assist school districts in defending themselves against these large cybersecurity threats and attacks have increased from K–12 technology companies. Included in it is a demand for federal funding to help with cybersecurity in schools and libraries.

Michael Markulec

technology executive, cyber-security guru, politician, rugby player, deadhead, brewer, former army officer, crossfitter, and hard-drinking calypso poet.