As Students Go Back to School Threat Actors Go Back to Work

School systems are at high risk for cyber attacks because threat actors know they are traditionally underfunded and understaffed, meaning many vulnerabilities may remain open.

Once in, hackers have access to incredibly valuable and personal information on children and their families, leading to ransom requests. In fact, the education sector is now the number one sector for ransomware attacks, with a 44% increase in the past year.

The eye-opening statistics don't stop there.

• The education sector sees an average of 2,297 attacks weekly.
• By the end of 2021, nearly one in three U.S. districts had experienced a breach.
• The monetary losses to school districts following a cyber incident range from $50,000 to $1 million.
• Six months into 2023, at least 120 schools faced a ransomware attack, compared to 188 in all of 2022.

Earlier this year, a ransomware group released leaked data that outlined campus rape cases, child abuse inquiries, student mental health crises, and suspension reports after the district refused to pay $1 million.

With this as the reality, the Biden Administration held the first federal summit to address cybersecurity in U.S. schools, resulting in several initiatives across government and the private sector aimed at combating the threat to our school systems. Initial work includes:

• The establishment of the Government Coordinating Council, spearheading collaboration across schools, local governments and federal agencies on cyberattacks targeting education systems.
• CISA will provide cybersecurity training and K-12 cyber exercises over the coming year to schools nationwide.
• Amazon Web Services is launching a $20 million grant program to provide no-cost cyber incident response assistance and security training resources to schools.
• Fortinet made a new, free security awareness curriculum available to all K-12 school districts.
• The Federal Communications Commission will create a pilot program that will provide up to $200 million over three years as part of the administration's effort to bolster cyber defenses in K-12 schools, particularly those in underserved communities.

Improving cybersecurity will be one of the key topics at this year's annual EDUCAUSE conference. Taking place October 9-12, 2023 in Chicago, IL, this event brings together education professionals and technology providers to network, share ideas, grow professionally, and discover solutions to today's challenges. GovEvents will be at the conference. If you'd like to connect, let us know!

If you can't make it to EDUCAUSE, there are a host of other education technology events and resources on GovEvents and GovWhitePapers to help move the needle on cybersecurity in our schools.

• EdTech Talks 2023 (October 31- November 2, 2023; online) - Over three days, education technology experts will explore the innovative ways that technology is helping schools safeguard learning environments, personalize student experiences and modernize with advancements in data analytics.
• The 2024 National K-12 Cybersecurity Leadership Conference (February 13-14, 2024; Savannah, GA) - This event is designed to identify and share solutions and best practices to better defend the K-12 education sector from emerging cybersecurity threats, such as ransomware and data breaches.
• Learning Leadership Symposium (multiple cities and dates in October) - Each event is hosted by a local school district in partnership with a regional office of education or service district. To address the unique professional learning needs of each hosting organization and region, a range of content topics will be available to choose from to customize the agenda and experience.
• Cybersecurity Incident Planning for Institutes of Higher Education (white paper) - This guide intends to provide direction and guidance to institutes of higher education seeking to improve their cybersecurity posture through cybersecurity risk management best practices.
• Protecting Our Future: Partnering To Safeguard K-12 Organizations From Cybersecurity Threat (white paper) - Congress recognized this heightened risk environment by enacting the K-12 Cybersecurity Act of 2021, which required the Cybersecurity and Infrastructure Security Agency to report on cybersecurity risks facing elementary and secondary schools and develop recommendations. The report provides insight into the current threat landscape and the K-12 community's capacity to prevent and mitigate cyber attacks.

To stay up to date on all the latest news on cybersecurity and education visit GovEvents and GovWhitePapers for additional events and resources.