The education sector is often overlooked when it comes to cybersecurity, with schools and universities seen as soft targets for cybercriminals. Unfortunately, this perception is backed up by statistics that show K–12 institutions are being hit by ransomware attacks at an alarming rate, with 89 schools affected in 2022 alone, impacting almost 2,000 schools across the US. This is due in part to the lack of a strong cybersecurity culture in these institutions, which is why education leaders need to prioritize cybersecurity to protect schools and students.
The problem is that IT personnel in schools are already overwhelmed with tasks like updating passwords, and they should not be expected to bear the security burden alone. Instead, a shared-responsibility model, in which everyone in the organization is aware of cybersecurity risks and does their part to remain secure, is crucial. For this reason, it’s essential that education leaders get on board with the idea of a cybersecurity-first culture.
Leadership is key when it comes to creating a strong cybersecurity culture, and this is no different for K–12 institutions. The K–12 Cybersecurity Act of 2021 recognized this, charging the Cybersecurity and Infrastructure Security Agency with providing recommendations for how schools can combat risk. The top finding from the resulting report was that “leaders must establish and reinforce a cybersecurity culture.”
However, investments in cybersecurity often take a back seat to investments in other educational programs. This mindset needs to change if we are to protect our schools from cyber disruptions. The loss of learning following a cyberattack can range from three days to three weeks, with recovery time ranging from two to nine months. Therefore, top decision-makers must prioritize cybersecurity and allocate budgets accordingly.
To promote collaboration and bring IT staff into the fold, schools should participate in organizations like the Multi-State Information Sharing and Analysis Center and the K12 Security Information exchange. These communities share best practices and offer peer support for K–12 security leaders.
Creating a cybersecurity-first culture should include strengthening best practices, starting with simple cyber hygiene. Implementing multi factor authentication across all school systems is a good starting point. MFA provides an additional layer of defense that goes a long way toward hampering threat actors’ plans. Unpatched vulnerabilities are another big threat that organizations face, and schools should ensure that their IT departments focus on patching these vulnerabilities to shrink their attack surfaces.
The education sector is often hampered by small budgets, and cybersecurity is no exception to this. Recent research reveals that the average school delegates only 8 percent of its IT budget to security, and 20 percent of schools spend less than 1 percent on security. To address this, administrators should reallocate already scarce funds towards prevention rather than remediation after an attack.
In conclusion, we need to start taking cybersecurity in schools more seriously. Education leaders need to prioritize cybersecurity to protect schools and students. Creating a cybersecurity-first culture that includes strengthening best practices and participation in cybersecurity communities is crucial. By investing in cybersecurity, we are investing in our children’s future.
This blog was written by the Activated Solutions team. If you are a business owner or an individual concerned about your cybersecurity, it's time to take action. Activated Solutions can help you to protect your business and personal data from potential cyber threats.
Contact Activated Solutions today to learn more about how they can help you protect your business. With our expertise and commitment to cybersecurity, you can have peace of mind knowing that you are taking proactive steps to protect yourself and your business from potential data breaches.
For more information, please visit: activatedsolutions.ca.
Comments