K-12 Cybersecurity is the Key to Safeguarding Our Nation's Digital Infrastructure
America's hallowed education halls are experiencing advanced cyber threats that many school districts and local communities are ill-prepared to address. In 2020 alone, cyber-attacks against K-12 schools rose by 18% and included over 408 different attacks against 377 school systems distributed across 40 states. K-12 cybersecurity is a far-reaching issue that needs to be addressed to safeguard our nation's vital digital infrastructure and community data. Cyber-attacks against a school place lives at risk and force school districts to squander hard-fought educational funding resources. The result is a critical situation reaching a dramatic high point in 2020 but is expected to be even more severe now in 2021. Data breaches and sensitive institutional data leaks (36%) and ransomware attacks that encrypt data (12%) accounted for close to half of all K-12 cyber incidents occurring in 2020. Another 45% fell into the "other" category that includes various types of malware, online class, and meeting intrusions, defacing websites and social media platforms, and a host of other lesser cyber-attacks. Of the estimated 1,600 American K-12 school districts targeted by ransomware attacks in 2020, roughly 60% are believed to have paid out ransoms to retrieve access to vital data. Cybersecurity experts highlight that in 2021, ransomware attacks occur every 11 seconds, and the average cost of a single attack is estimated at $761,106. Schools spend an estimated $732,520 to recover vital system data lost when deciding not to pay ransom fees. When a single ransomware attack occurs against K-12 schools, the average cost reaches as high as $1.45 million when they decide to pay a ransom fee. Expenditures come from paying a ransom fee and the additional cost to ensure their systems are up to date following the attack. Morning Consult and IBM Security released a joint report on October 22nd, 2021, titled IBM Education Ransomware Study. The report highlights the unique threats faced by America's school districts. Among the most pressing findings of that research was the revelation that, despite increased attacks, most school districts and administrators remain unprepared to respond adequately:
- 60% of K-12 educators and administrators report having no formal training for remote education despite 80% now being required to offer most if not all classes online.
- Roughly 50% of all school districts have not initiated formal cybersecurity response training programs despite frequent requests from the FBI (Federal Bureau of Investigation) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency
- Over 50% of K-12 schools cite budget shortfalls as the main barrier to rolling out more expansive cybersecurity threat response protocols.
- About 60% of educators use personal electronic devices to conduct remote learning sessions, and 34% do not have formal training about rudimentary cybersecurity best practices.
In this article, we discuss the landscape of cyber threats against America's classrooms and educational institutions while also highlighting the copious opportunities available for young people to learn about information security and use their skills to help protect our nation.
Now is the Time for a Stronger Cybersecurity Posture in America's Classrooms
On Friday, April 2nd, State Representatives Doris Matsui (D-Calif) and Jim Langevin (D-RI) addressed the United States Department of Education's Secretary of Education Miguel Cardona. They urged federal action to tackle the ever-expanding threat our nation's school systems face during this time of uncertainty. "As the US continues to battle the ongoing pandemic, the Department of Education will play a critical role in supporting American families as they navigate the challenges of distance learning and prepare to reenter the classroom safely," Matsui and Langevin wrote in a letter. "To help ensure schools are keeping pace with the demands of the modern classroom, we urge you to issue guidance that will allow K-12 schools to make needed investments in increased cybersecurity measures." Unfortunately, our nation's colleges and universities are not faring much better. There have been high-profile cyberattacks levied against higher education institutions frequently over the last several years. In 2020, for instance, the University of California, San Francisco (UCSF) was forced to pay a ransomware fee of $1.14 million after its School of Medicine was forced to cease operations after hackers encrypted its vital institutional data. Cyberattacks against America's research institutions are especially problematic. As the foundation of America's expertise is in medicine and technology, attacks threatening to remove medical breakthrough data and other innovative discoveries create a unique national security issue. It is imperative to note that many of the cyber-attacks carried out against America's K-12 school systems and higher education institutes are directed by advanced non-state hacking syndicates and state actors connected to nations interested in harming the United States. While some attacks are jokes and pranks, at the most advanced levels, the cyber threats facing America's classrooms represent the development of a new front in an ongoing global cyberwar.
Cybersecurity Must Take Center Stage in America's K-12 Schools, Trade Schools, Colleges, and Universities
The challenges facing American schools continue to mount in 2021. When enhancing cybersecurity, we believe the spirit of the moment has immense opportunities. Yes, American K-12 schools, colleges, and universities need enhanced cybersecurity measures in place. Yes, these same education institutes face unprecedented threats carried out by dangerous individuals and organizations motivated to harm our communities. However, where there are challenges to face, there are also opportunities to realize. Information security, data security, and cybersecurity are some of the fastest-growing industries in the entire world. There are copious opportunities for young people to develop exciting, rewarding, and high-paying jobs by training themselves to be the next generation of cybersecurity experts. Our K-12 school systems, colleges, and universities can counter threats by better educating their educators, administrators, parents, and students about cybersecurity while offering coursework about getting more involved with the industry as a viable career path. By placing cybersecurity education at the forefront, America's education systems are taking steps towards safeguarding our nation's vital digital infrastructure. They're also ensuring that the next generation of brilliant information security minds are given the resources they need to realize their highest potential. K-12 schools, colleges, and universities need enhanced cybersecurity measures in place. However, the best defense of all is a responsive, educated, and aware community. We urge all parents, administrators, educators, and service staff connected to education systems to advocate for cybersecurity training—not just to counter current threats—but also to prepare young people to be the cybersecurity leaders of tomorrow. Now is the time for America to take cybersecurity seriously and for our national community to educate itself about how to stay safe in a transforming world. Contact us today to learn more about how we can help your organization be more cyber resilient.
