In March, the Biden Administration released the latest guidance aimed at improving the cybersecurity practices of Federal agencies. The National Cybersecurity Strategy builds on the Executive Order for Improving the Nation's Cybersecurity that makes cybersecurity a strategic focus of every agency. This latest guidance drills further into the actions needed to ensure that government systems and citizen data are protected against the ever-evolving threat landscape.
The goal of the strategy is to "rebalance the responsibility to defend cyberspace" and "realign incentives to favor long-term investments." To do this, the responsibility for cybersecurity must be shifted to the organizations that are most capable and best-positioned to reduce risks. It points out that, "a single person's momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences." While security is the responsibility of everyone, small businesses, small localities, and individuals simply do not have the resources to support the security needed to protect systems and data. Instead, the guidance proposes new incentives to favor long-term investments in security, resilience, and new technologies. Continue reading
Ransomware has traditionally been a practice where cybercriminals encrypt data and demand ransom in exchange for a decryption key. More recently, a growing number of these bad actors threaten to make this information public if they do not get paid. This shift in the practice of ransomware has increased the "attractiveness" of K-12 schools for cyber criminals. Information about children is among the most highly protected data there is, making it more likely ransoms will be paid to keep it private. For this and other reasons, K-12 schools are seeing an increase in ransomware activity. In 2021, there were at least 
