72.1 F
Washington D.C.
Tuesday, July 23, 2024

New Report Uncovers Cybersecurity Challenges Facing K-12 Schools

The MS-ISAC recommends K-12 schools take five decisive steps to effectively address their cyber risk.

A tour through the busy halls and classrooms of our K-12 public schools would not reveal any clues to the underlying threat they face daily from cyber threat actors intent on disrupting the digital safety and security of students, staff, and their data. K-12 schools have emerged in the past several years as one of the most frequently targeted of our public institutions in the United States. While the hardworking IT and cyber professionals in this sector have made great strides in applying effective cyber defenses, more can be done. The Multi-State Information Sharing and Analysis Center (MS-ISAC) produced our first K-12 Report as a way for K-12 leaders to better understand their cyber risk and take decisive actions to mitigate it.

At the MS-ISAC, we have a unique vantage point to view the cybersecurity challenges and threats faced by various critical infrastructure sectors among state and local governments in the U.S. We manage the largest cyber threat database on U.S. State, Local, Tribal, and Territorial (SLTT) governments, informed by telemetry from thousands of sensors deployed across SLTT networks, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and more than 200 threat intelligence sources. We process more than 100 petabytes of data each month – the equivalent of two billion four-drawer filing cabinets full of information related to the cybersecurity of state and local governments. While our more than 3,700 K-12 school and district members are among the most highly targeted, they are also among the most active segment of our 14,000 organizational members in the MS-ISAC. Given the cyber threat they face, they have to be.

The cybersecurity threat to K-12 schools is persistent, and the potential harm of cyber attacks threatens both the vital work of our education system and the data security of an entire generation of young Americans. Ransomware remains the most impactful cybersecurity threat to K-12 schools, often resulting in significant financial loss and taking schools offline for days. Some K-12 ransomware attacks have taken months to fully remediate. Cyber threat actors’ demands seemed to have increased over time, with ransom demands exceeding $1 million in some cases. The MS-ISAC has observed cyber threat actors emailing students, parents, and faculty to heighten the pressure on schools to pay. Our report provides further details about the top malware threats to K-12 schools and how threat actors commonly breach their cyber defenses.

So just how prepared are our K-12 schools to face this massive threat? The answer is not as encouraging as we’d like to see. In the 2021 Nationwide Cybersecurity Review (NCSR), a risk-based assessment that gauges cybersecurity preparedness, K-12 schools showed year-to-year improvements but an overall average cyber maturity score of 3.55 out of 7. That is not a passing grade by classroom standards. K-12 respondents to the NCSR reported a lack of sufficient funding as one of their top challenges, with nearly one fifth of schools spending less than one percent of their overall IT budget on cybersecurity. While 29 percent of MS-ISAC K-12 member schools reported they had been victims of a cyber incident, more than a third of K-12 members reported that they did not have an established cyber incident response plan to respond to such an event. Clearly, more should be done to protect our K-12 schools and the students they support.

The MS-ISAC recommends K-12 schools take five decisive steps to effectively address their cyber risk. First, it is important to join a community of peer organizations similarly committed to cybersecurity. At the MS-ISAC, we believe that we are better when we work together, and we offer K-12 schools numerous ways to collaborate with one another, including our active MS-ISAC K-12 Working Group. Second, we recommend that schools complete a cybersecurity assessment so they can benchmark and improve upon their cybersecurity posture over time. We recommend the comprehensive and informative Nationwide Cybersecurity Review as the best measure of cybersecurity preparedness. For those schools looking for an abbreviated preparatory step to the NCSR, we recommend the 32-question Foundational Assessment, available by contacting [email protected]. Third, we recommend K-12 schools complete Implementation Group 1 (IG1) of the CIS Critical Security Controls, a step that has proven effective in defending against up to 86 percent of common cyber attacks. Fourth, we recommend that schools have some means of receiving regular cyber threat intelligence, like the MS-ISAC Indicator Sharing Program. You can only be fully prepared for the cyber threats you know about. Lastly, we recommend that K-12 schools implement an intrusion detection system (IDS) and endpoint detection and response (EDR) to effectively protect their IT environments. Many schools are leveraging solutions offered through the MS-ISAC to fortify their cyber defenses, like Albert Network Monitoring and Management and Endpoint Security Services (ESS). The MS-ISAC’s Malicious Domain Blocking and Reporting (MDBR) DNS security solution, available at no cost to K-12 public schools, has also been highly effective at preventing cyber attacks, blocking an average of more than 624,000 malicious DNS requests for each K-12 entity enrolled in the service.

Cybersecurity is a race without a finish line, and K-12 schools have the daunting task of keeping up with the persistent cyber threat with limited resources. At the MS-ISAC it is far more than just our mission to come alongside state and local government institutions like K-12 public schools; it is our honor to serve organizations that do so much to serve us. We owe it to our school administrators, teachers, and students to ensure they are cyber secure and the ever-important work of education can continue without disruption.

Josh Moulin
Josh Moulin
As Senior Vice President and Acting General Manager of Operations and Security Services at the Center for Internet Security, Josh Moulin provides executive leadership for OSS while focusing on the mission of improving the cybersecurity posture of state, local, tribal, and territorial (SLTT) organizations. Moulin is responsible for planning, developing, and executing OSS products and services, including the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), security operations, incident response, vulnerability management, digital forensics, data and analytics, software engineering, and threat intelligence. Moulin has been working in the cybersecurity field since 2004. Prior to CIS, he was an Executive Partner at Gartner, where he advised executives in the U.S. Federal Civilian Government and Department of Defense on shaping organizational strategy, improving executive leadership, changing culture, driving innovation, maintaining information security and assurance, and implementing technology. Before Gartner, Moulin spent five years at the Nevada National Security Site, part of the Department of Energy/National Nuclear Security Administration’s nuclear weapons enterprise. Moulin served in a variety of roles, including as the Chief Information Security Officer and Chief Information Officer, responsible for all aspects of classified and unclassified IT and cybersecurity for this global national security organization. Moulin began his cyber career while in law enforcement. As a police lieutenant, Moulin commanded a regional, multi-jurisdictional cybercrimes task force and accredited digital forensic laboratory, and was deputized by both the FBI and U.S. Marshals Service. Over Moulin’s 11-year law enforcement career, he led hundreds of cyber investigations, including intrusions, terrorism, extortion, white-collar crimes, violent crimes, and child exploitation. He has been qualified as an expert witness in the areas of cybercrime and digital forensics numerous times in state and federal court. Moulin is frequently requested by organizations across the world to consult in areas such as cybersecurity, risk management, leadership, and facilitation. He has a Master’s Degree in Information Security and Assurance and has earned several professional certifications, including the CISSP, GCIA, GCFA, GSEC, CFCE, and CEH.

Related Articles

Latest Articles