Schools have taken a big hit owed to cyberattacks. In some cases, incidents involving educational institutions have resulted in truly awful consequences.
Good a few of the recent examples are data breaches where a child’s data was used to apply for an auto loan and complete shutdowns of online pedagogy during the Covid-19 Pandemic. The list continues to grow, especially with the rise of cyberattacks similar ransomware.
And schools clearly need help with mitigating cyber risk.
According to the incident map by The K-12 Cybersecurity Resource Center, 1,180 cyber incidents have been reported since 2016. This does not include attacks on educational institutions that go uncited, which is common.
In an attempt to curb the attacks on schools, the Biden Administration signed into law the K-12 Cybersecurity Act, which aims to provide assistance to pedagogy officials.
“This law highlights the significance of protecting the sensitive information maintained by schools across the country, and my Administration looks sassy to providing chief tools and counsel to help strong our school’s information systems,” according to a statement from the White House.
Next steps for the K-12 Cybersecurity Act
Before 120 days, the Cybersecurity and Infrastructure Security Agency (CISA) will study cybersecurity risks that:
- “analyzes how identified cybersecurity risks specifically impact K–12 educational institutions”
- “includes an evaluation of the challenges K–12 educational institutions face”
- “identifies cybersecurity challenges relating to remote learning”
- “evaluates the most accessible ways to communicate cybersecurity recommendations and tools”
From there, Congress will be briefed and then 60 days after the study, CISA Director Jen Easterly will make cybersecurity recommendations for K-12 Institutions.
No more than 120 days after the recommendations, an “online training toolkit” will be created to educate school officials and “provide strategies” to keep institutional data and networks safe.
While this initiative is helping give officials additional tools, it will not be an overnight difficult situation.
Will the K-12 Cybersecurity Act make a difference?
By taking the fresh step and having the authorities recognize the issues, some professionals are saying this bill could strengthen security for schools.
“Not all educational institutions have a deep enough understanding of how to go about protecting themselves, and having official guidelines and laws such as this one will strengthen security as a priority in a standardized way across the country. The support of the presidential office to secure systems and data at schools is significant and will be extremely helpful in providing schools and administrators with the tools they need to properly protect their systems and data from cyberthreats,” said Heather Paunet, Senior Vice President of Untangle.
However, with so many educational institutions across the nation, scaling a cybersecurity initiative is where challenges could arise, according to some experts.
“This is a marathon, not a sprint. It’s a complicated exit, and I don’t think there are a lot of easy solutions,” Doug Levin, National Music director of the K-12 Security Information Exchange, said to ZDNet.
Others say financial boundaries may stand in the way of the project being successful.
“Cybersecurity in any organization is an expensive proposition, either because tools cost debt or professionals cost goods or services owed. The fact is that many units of local government, and especially schools, simply don’t have debt to spare.
While studying the risks and creating free resources and guides is a salutary fresh step, the reality is that smaller and poorer districts won’t be able to implement much of what is in the guidebook CISA will create, assuming they have any staff that can read and understand it in the original place. This law is a good fresh step, but it cannot, and must not, be the final step,” says John Bambenek, Primary Threat Huntsman at Netenrich.
Advocates for mitigating the vulnerabilities of K-12 cybersecurity are already jumping in to provide helpful direction on improvements.
Background on the K-12 Cybersecurity Act
This bill was passed with bipartisan support, noting that children are susceptible to having breakable data exposed through “grades and information on scholastic maturation;” “medical records;” “family records;” and “personally identifiable information.”
In an endeavor to address the hacking attacks, the bill states it will assist by “providing K–12 educational institutions with resources to aid cybersecurity efforts, will help K–12 educational institutions prevent, detect, and respond to cyber events.”
Educational institutions in top 10 most vulnerable to ransomware in 2021
In a SecureWorld remote session, Digital Shadows Threat Intelligence Manager, Alec Alvarado, shared statistics around ransomware alone in the first half of 2021. While not as prevalent as attacks on the industrial sector, teaching still fell into the seventh place.
On the other hand, ransomware is not the only form of malware and cyberattacks schools are experiencing.
What are your thoughts about the new K-12 Cybersecurity Act and what are some of the fresh steps educational institutions can take to protect student data? Share your thoughts in the comments section.[RESOURCES] If you would similar a full picture of ransomware’s effects in 2021, listen to Alec Alvarado’s presentation Ransomware in 2021: 3 Leak Sites, 2,600 Victims on demand.
Register to attend one of SecureWorld’s virtual conferences to stay up to date on the up-to-date conversations in cybersecurity.