My TechDecisions

IT Infrastructure, Network Security, News

This K-12 Cybersecurity Resource Offers Useful Guidance for School IT Professionals

The U.S. Cybersecurity & Infrastructure Security Agency has released a report to help keep K-12 organizations secure.

Leave a Comment

Cybersecurity testing, penetration testing, cyber threats
Photo/Adobe Stock

In an effort to help protect K-12 educational institutions from an increasing rate of cyberattacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new report with recommendations and resource to help K-12 IT professionals address their plentiful security risks.

CISA’s new report, “Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats,” includes insight into the current K-12 threat landscape and offers simple steps school IT leaders can take to strengthen their cybersecurity efforts.

The report on K-12 cybersecurity comes as schools adopt more advanced networking technologies designed to facilitate learning and make schools more efficient and effective, but are also introducing new cybersecurity risks. This is leading to an increasing number of threat actors targeting K-12 institutions. The report comes after a year in which several high-profile ransomware attacks forced school districts to shut down while the attack was mitigated, such as the case of the Los Angeles Unified School District.

Data included in the report shows how cyberattacks against the K-12 education community are increasing, and reported incidents have increased from about 400 in 20187 to over 1,300 in 2021. The reason is simple: schools, school districts, educational technology vendors and other entities have a lot of sensitive data on students and school employees.

However, participants in CISA’s listening sessions on cybersecurity in K-12 institutions say that they lack the IT support, staff and resources to sufficiently protect their systems.

“Participants noted that most districts do not employ full-time cybersecurity personnel, and some smaller school districts may not even employ full-time IT staff,” the report says.

Further, those K-12 schools with cybersecurity experts on staff say they can’t afford to pay for additional training or professional development. This issue becomes even worse at smaller school districts with very limited budgets.

In addition to other issues schools say their existing IT personnel are already overburdened with keeping school IT systems operational and simply don’t have the time to build robust enterprise-grade cybersecurity programs.

CISA Director Jen Easterly says in a statement that ensuring the safety of K-12 schools means that they must be better prepared.

“As K-12 institutions employ technology to make education more accessible and effective, malicious cyber actors are hard at work trying to exploit vulnerabilities in these systems, threatening our nation’s ability to educate our children,” Easterly says. “Today’s report serves as an initial step towards a stronger and more secure cyber future for our nation’s schools, with a focus on simple, prioritized actions schools can take to measurably reduce cyber risk.”

The K-12 cybersecurity report includes a set of three key recommendations, including:

Invest in the most impactful security measures and build toward a mature cybersecurity plan by taking these three steps:

  • Implement highest priority security controls.
  • Prioritize further near-term investments in alignment with the full list of CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs).
  • Over the long-term, develop a unique cybersecurity plan that leverages the NIST Cybersecurity Framework (CSF).

Recognize and actively address resource constraints:

  • Work with the state planning committee to leverage the State and Local Cybersecurity Grant Program (SLCGP).
  •  Utilize free or low-cost services to make near-term improvements in resource-constrained environments.
  • Expect and call for technology providers to enable strong security controls by default for no additional charge.
  • Minimize the burden of security by migrating IT services to more secure cloud versions.

Focus on collaboration and information sharing:

  • Join relevant collaboration groups, such as MS-ISAC and K12 SIX.
  • Work with other information-sharing organizations, such as fusion centers, state school safety centers, other state and regional agencies, and associations.
  • Build a strong and enduring relationship with CISA and FBI regional cybersecurity personnel.

Read the report for more information.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ