NewsNational News


K-12 cybersecurity act aims to keep schools safe amid rise in ransomware attacks

Posted at 1:28 PM, Oct 08, 2021

The pandemic has presented an unprecedented opportunity for cybercriminals, and there are no signs of it slowing down.

Check Point Security found that cyberattacks increased 40% worldwide from 2020 to 2021. Last month alone saw more weekly cyberattacks than any other month since January 2020.

One out of every 61 organizations worldwide is impacted by ransomware attacks every week. The companies most often targeted are education and research institutes.

"We have seen examples of school districts being compromised, not because the school district was the target, but some other more sensitive system — election systems, power systems (were the target)," said Doug Levin, the national director of the nonprofit K12 Security Information. "Federal agencies have really been the target, but they've leveraged that to compromise school district software and technology as a means to attack other even more critical targets."

The federal government has a financial and security stake in helping school districts protect themselves from cyberattacks. That's why today, the K-12 Cybersecurity Act became law.

The law commissions a study to issue recommendations and tools for school districts to defend themselves against hackers, something K12 Security Information has already done.

They've developed essential protections that they say would benefit any district that puts them in place. They've also created a self-assessment tool to measure progress against implementing those standards.

The nonprofit also took into consideration the limitations and abilities of each school district.

"There are many quite elaborate cybersecurity risk management frameworks that already exist, but they are overcooked for school districts capacity for their needs for the amount of money and resources that are available to them," Levin said.

Levin said that districts are essentially low-hanging fruit for threat actors because they are not standards for cyber protection — they manage a lot of money and can be extorted for millions, and they hold a lot of valuable data and sensitive information on students, families and teachers.

"We've seen examples — whether you're talking about very young kids to teachers working in school districts — of credit fraud of tax fraud, and of identity theft, and this can take weeks and months and years to unwind," Levin said.

K12 Security Information Exchange is working with the federal government to help develop cybersecurity standards for school districts.