Cybersecurity Body Presents Essential Guidelines for Enhancing Digital Security in K-12 Educational Institutions
The Cybersecurity and Infrastructure Security Agency (CISA) has published a report outlining a set of voluntary goals aimed at improving the cybersecurity posture of under-resourced K-12 schools across the United States. The report, released on Tuesday, highlights the increasing number of cyberattacks on schools and the need for increased budgeting and support mechanisms.
According to the report, the number of cyberattack incidents on U.S. K-12 schools has risen significantly over the past few years. In 2016, fewer than 100 incidents were reported, but this figure skyrocketed to over 1,300 in 2021. This trend poses a significant threat to the 50 million students attending these schools.
To address this issue, CISA has proposed 37 voluntary goals that serve as a roadmap for under-resourced organizations in the K-12 sector. These goals are considered a "floor, not a ceiling" for reducing cyber risk, offering a starting point for schools to improve their cybersecurity measures.
The six most impactful security measures identified by CISA include multifactor authentication, vulnerability patches, performing and testing backups, minimizing exposure to common attacks, developing and exercising an incident response plan, and creating a training and awareness campaign.
However, the report acknowledges that the insufficient resources in K-12 schools create challenges that could inhibit progress on CISA's recommendations. The resource shortfall is a major constraint to implementing effective cybersecurity programs across all K-12 entities.
CISA emphasizes that the recommendations are not exhaustive but serve as a starting point for addressing the cybersecurity challenges faced by K-12 schools. The agency acknowledges that K-12 schools are resource-constrained, with most school districts having insufficient funding and IT staffing levels. As such, the agency encourages schools to prioritize these recommendations based on their unique needs and resources.
The report from CISA is a crucial step towards strengthening the cybersecurity posture of U.S. K-12 schools and protecting the sensitive information of students and staff. By following these recommendations, schools can reduce their cyber risk and create a safer environment for learning.
