This marked the second time the federal Cybersecurity and Infrastructure Security Agency (CISA) has convened the National Summit on K-12 School Safety and Security, and the event came just months after federal agencies announced a nationwide effort to ramp up public information and support around school cybersecurity.
Schools and school districts hold troves of sensitive information, from employee financial information to students’ mental health records. At the same time, schools, like much of government, struggle with legacy technology as well as limited staffing, training and/or budgets for cybersecurity, said Terry Loftus, CIO and assistant superintendent of the San Diego County Office of Education, during the summit.
Hackers and cyber insurers are both increasingly aware of the mismatch between the high value of school districts’ data and their typically limited resources. Hackers are making frequent attacks, while insurers are raising prices and tightening restrictions.
“For K-12 schools, cyber incidents are so prevalent that, on average, there’s more than one incident per school day,” said CISA Director Jen Easterly during the summit.
The problem is global, too, and 2022 saw malware attacks targeting K-12 organizations worldwide rise 323 percent year over year, and ransomware attacks on K-12 and primary schools rise 827 percent, per cybersecurity company SonicWall.
Public entities are especially likely to face frequent attacks and to see attackers penetrate defenses, Loftus said. In light of this, cyber insurers are raising policy renewal prices, declining to write new cyber policies or requiring policyholders to follow more cyber controls.
Read the full article by clicking on the title link.