October is Cybersecurity Awareness Month! CISA and the National Cyber Security Alliance are keeping with the theme of “Do Your Part. #BeCyberSmart.” If you haven’t already, I would highly recommend checking out their resources for this month. They have tip sheets and one-pagers galore offered in many languages. They also have six resources available for kids on cybersecurity, which are fantastic. CISA‘s promotion and outreach this month will focus on being “Cyber Smart” (Week 1), phishing (Week 2), cybersecurity careers (Week 3), and “Cybersecurity First” (Week 4).
Cybersecurity and K-12
Why is cybersecurity becoming more and more of a “hot topic” in K-12? The 2021 EdTech Leadership Survey Report from Consortium for School Networking (CoSN) states:
“Given that the FBI, [MS-ISAC], and CISA jointly stated that K-12 is the most targeted public sector for ransomware, it is surprising that district IT leaders do not rate this risk higher.”
Whoa. I had to read that twice. The most targeted public sector for ransomware? This statement is in response to survey data indicating that cybersecurity threats, while a top priority, are generally underestimated by district technology leaders. In fact, this report says, “The vast majority (84%) don’t rate any cybersecurity threat as high risk.”
Budget challenges and this underestimation of the severity of threats make schools and districts vulnerable. Not only that, but the report found that 77% of districts do not have a full-time employee whose work is solely focused on network security. Take a look at the top challenges according to the CoSN report.
What Does the Data Say?
In addition to the 2021 CoSN EdTech Leadership Survey Report, data from the 2020 State of K-12 Cybersecurity: Year in Review (K12 SIX) was released in March of 2021. This data showed that moving to remote learning put schools at significantly higher risk of cyber crimes. As a result of this move, cyber incidents rose drastically in the late summer and early fall of 2020.
Based on their data analysis, K12 SIX identified four major factors for this swell of occurrences:
- Increased reliance on devices
- Devices used during remote learning being brought back into schools
- IT staff being unable to actively service devices used during COVID-19
- More focused efforts by threat actors during vulnerable times of the school year using more sophisticated methods
In this study, they also identified five trends in data:
- Data breaches involving the personal information of both students and staff were the most reported type of incident.
- A new kind of cyber threat emerged during COVID-19– class invasion– which was used to enhance and propel other incidents like denial of service and ransomware attacks.
- Spear-phishing continues to be a problem for K-12 schools. $9.8 million was stolen from one school district alone in 2020, with the average amount being $2 million since 2016.
- Larger schools in urban and suburban districts with higher-income communities and districts with higher proportions of students experiencing poverty are at higher risk.
What Are the Top Threats to K-12 Institutions?
In 2017, the Readiness and Emergency Management for Schools (REMS) Technical Assistance (TA) Center published a fact sheet. This document outlines the six most common online threats for school and district networks. CoSN has also rated the top five threats. Here is a list of what the two have in common:
- Data Breach
- Denial of Service
- Phishing
- Ransomware
- IOT Vulnerabilities
Both K12 SIX and CoSN refer to 2020 as a “record-breaking” year for cybersecurity incidents.
What Do We Do Now?
Ed Tech Magazine suggests that being proactive with protocols, planning, and training staff is essential to preventing and addressing cybersecurity threats, among other measures. Additionally, CoSN agrees: “TRAIN, TRAIN, TRAIN! Make sure everyone knows security awareness is their job and who to talk to if they make a mistake.”
Luckily, TCEA can help with this. If you know us, you know that we strive to provide educators with quality professional development in areas that are relevant and essential to the safety, well-being, and quality of education for students in Texas and beyond. That said, we have a two-day System Administrator and Technical Support Conference coming up November 4-5, and anyone can attend. Because we know cybersecurity is a top priority, we have several sponsors specializing in this area who will be available to discuss the latest and greatest trends and solutions to help with assessment, planning, and threat management. We are also offering educational sessions that address this hot topic. Take a look at the full schedule here, and if you’d like to register for the conference, you can do so here.