K-12 Cybersecurity is the Key to Safeguarding Our Nation's Digital Infrastructure
America's hallowed education halls are experiencing advanced cyber threats that many school districts and local communities are ill-prepared to address. In 2020 alone, cyber-attacks against K-12 schools rose by 18% and included over 408 different attacks against 377 school systems distributed across 40 states. K-12 cybersecurity is a far-reaching issue that needs to be addressed to safeguard our nation's vital digital infrastructure and community data. Cyber-attacks against a school place lives at risk and force school districts to squander hard-fought educational funding resources. The result is a critical situation reaching a dramatic high point in 2020 but is expected to be even more severe now in 2021. Data breaches and sensitive institutional data leaks (36%) and ransomware attacks that encrypt data (12%) accounted for close to half of all K-12 cyber incidents occurring in 2020. Another 45% fell into the "other" category that includes various types of malware, online class, and meeting intrusions, defacing websites and social media platforms, and a host of other lesser cyber-attacks. Of the estimated 1,600 American K-12 school districts targeted by ransomware attacks in 2020, roughly 60% are believed to have paid out ransoms to retrieve access to vital data. Cybersecurity experts highlight that in 2021, ransomware attacks occur every 11 seconds, and the average cost of a single attack is estimated at $761,106. Schools spend an estimated $732,520 to recover vital system data lost when deciding not to pay ransom fees. When a single ransomware attack occurs against K-12 schools, the average cost reaches as high as $1.45 million when they decide to pay a ransom fee. Expenditures come from paying a ransom fee and the additional cost to ensure their systems are up to date following the attack. Morning Consult and IBM Security released a joint report on October 22nd, 2021, titled IBM Education Ransomware Study. The report highlights the unique threats faced by America's school districts. Among the most pressing findings of that research was the revelation that, despite increased attacks, most school districts and administrators remain unprepared to respond adequately:
- 60% of K-12 educators and administrators report having no formal training for remote education despite 80% now being required to offer most if not all classes online.
- Roughly 50% of all school districts have not initiated formal cybersecurity response training programs despite frequent requests from the FBI (Federal Bureau of Investigation) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency
- Over 50% of K-12 schools cite budget shortfalls as the main barrier to rolling out more expansive cybersecurity threat response protocols.
- About 60% of educators use personal electronic devices to conduct remote learning sessions, and 34% do not have formal training about rudimentary cybersecurity best practices.