(RightIsRight.co) – The education community in the United States is facing a significant cybersecurity threat, impacting the youth of America.
According to Charlie Reisinger, chief information officer of Penn Manor School District, schools are constantly targeted by cyber adversaries globally. The Emsisoft report highlights that in 2022, nearly 2,000 schools across 45 districts were victims of cyberattacks, nearly doubling the incidents from the previous year.
The vulnerability of schools to cyberattacks is exacerbated by inadequate funding for cybersecurity. Schools like Penn Manor, with thousands of students generating millions of data points, are at risk of ransomware and identity theft. This situation can have long-lasting financial and socio-emotional impacts on students.
Warren Young, vice president of education at Absolute Software, points out that the high number of devices in schools increases the risk of loss, theft, and security feature removal. Phishing attacks and exploitation of vulnerabilities, particularly for ransom, are significant concerns for Josh Heller, supervisor of information security engineering at Digi International.
The costs of ransomware attacks are multifaceted, affecting not only financial aspects but also hindering student learning. Every security measure, such as phishing simulations and multi-factor authentication, while necessary, can also reduce learning time.
To combat these threats, federal funding and regulations are crucial. Expanding funding through programs like the Department of Homeland Security’s Cybersecurity Grant Program and regulating through initiatives like California’s Age-Appropriate Design Code Act are vital steps.
Partnerships between public schools and local universities can also address the cyber talent gap.
Young emphasizes the importance of auditing and encrypting data on devices and being able to remotely remove data in case of a breach. Heller suggests responsible vendor disclosure and using resources like the NIST National Vulnerability Database. However, he warns that keeping this information secure from malicious actors is crucial.
School districts must understand indicators of compromise, as identifying and containing breaches quickly is essential for minimizing damage. An incident response team with a disaster recovery plan is crucial for protecting assets and the community.
In terms of practical security measures, Heller advises against using methods like SMS for multi-factor authentication due to vulnerability to interception. He suggests physical hardware security tokens instead. However, given the young age of many students using technology, balancing security with practicality is a challenge.