Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
School districts around the country know they have to get better at protecting against cyber threats, but often lack the resources and funding to properly manage the risks posed by threat actors.
That’s the topline finding from a new Center for Internet Security/Multi-State Information Sharing & Analysis Center (CIS/MS-ISAC) assessment.
“Budget constraints remain the number-one challenge facing EdTech leaders,” CIS analysts wrote in their assessment. “Although budgets have increased over the years, so have the IT areas that budgets must fund.”
CIS is a nonprofit that works with the federal government’s Cybersecurity and Infrastructure Security Agency (CISA) against cyber threats. MS-ISAC is a CIS and CISA program.
In the November 13 report, CIS “collected first-hand data for the 2022–2023 school year through the Nationwide Cybersecurity Review (NCSR), feedback from MS-ISAC members, and data from the CIS Security Operations Center (CIS SOC)” to help districts understand the current threat landscape and make informed decisions about how to protect their data.
In addition to finding that districts are underfunded and under-resourced, the analysis indicates that they’re still at heightened risk for ransomware attacks, and that, while there has been some improvement, security maturity is still lacking. IT Brew reported in August that even in cases when districts pay the ransom, private information can still make its way online—emphasizing the danger of this attack tactic to students and school personnel alike.
Four out of five survey respondents named lack of funding as the top challenge facing school districts, with “increasing sophistication of threats” and a “lack of documented processes” coming behind, at 59% and 58%, respectively. Staffing is also an issue; 90% of K–12 districts polled reported that they had under five security employees.
CIS and MS-ISAC recommend that districts emphasize basic security measures like multifactor authentication, train users how to spot scams, and prioritize the repair of known and existing vulnerabilities. Districts are also recommended to game out their responses to potential attacks. In North Dakota, as IT Brew reported in June, students are learning about cyber safety and preparedness in school, adding to the security posture of the state as a whole.
“K–12 organizations can use tabletop exercises to consider different risk scenarios, prepare for potential cyber threats, and identify tactical strategies for securing their systems,” CIS analysts wrote. “Tabletop exercises are designed to help organizations consider different risk scenarios and prepare for potential cyber threats.”
Further, districts are encouraged to join MS-ISAC and use its resources, like the indicator sharing program, to protect their information. An MS-ISAC membership is free for governmental organizations.