Enhancing Cybersecurity in Education: Addressing Threats and Preparing for the Future
- Blue Light Filter, Fireproof Bags, Privacy Filters
- 29 Jul, 2024
As part of our work in the business-to-government (B2G) sector, we largely cooperate with educational institutions, making the topic of cybersecurity in these institutions particularly relevant for us. Recently, we explored the expertise of JAMF, a company with significant experience in this area. They shared their insights and knowledge in the webinar "Balancing Security and Privacy in Education to Support All."
Growing Cybersecurity Threats
The need for enhanced efforts to combat cyber attacks and threats is increasingly evident, especially considering JAMF's data indicating a 40% increase in cyber attacks over the past year. It is clear that “education is becoming increasingly targeted due to the rise in the number of devices and the perceived lack of security in place.” This is despite the data-rich environment in our schools, universities, and libraries, which includes sensitive data such as student records, financial data, and intellectual property.
Confirmed Concerns
The importance of these concerns is underscored by analytical data from organizations such as CISA, CIS, and NIST. Recent reports show that schools and libraries are vulnerable to heightened cybersecurity threats and attacks, often resulting in the disruption of operations, loss of learning, reduced bandwidth, significant financial losses, and the leaking and theft of personal and confidential information.
Vulnerabilities in Education
K-12 schools and libraries are likely to remain prime targets for malicious actors, mainly due to their data-rich environments and often inadequate resources and advanced cybersecurity protections. CIS reports that the surge in cybersecurity threats and attacks has made schools one of the top targets for cybercriminals. The "K-12 Report: CIS MS-ISAC Cybersecurity Assessment of the 2022–2023 School Year" highlights that K-12 leaders, IT, and cyber professionals have encountered significant challenges in recent years. The transition between in-person, virtual, and hybrid learning formats has been complicated by an increasingly sophisticated and evolving cyber threat landscape, making K-12 schools primary targets for cyber threat actors.
Regulatory Measures
Significant steps have already been taken in terms of regulatory measures. The Cybersecurity Act of 2021, along with actions by federal partners to address K-12 cybersecurity concerns, serve as significant examples. In October 2021, the President signed the K-12 Cybersecurity Act of 2021 into law. This legislation directed CISA to assess and report on specific cybersecurity risks affecting K-12 educational institutions, the challenges these institutions face, issues related to remote learning, and the best methods for communicating cybersecurity recommendations and tools.
CISA's Recommendations
In January 2023, CISA released a report recommending that K-12 schools prioritize the most effective security measures, identify and address resource limitations, and enhance collaboration and information-sharing by joining organizations such as MS-ISAC and K-12 Security Information Exchange (K12 SIX). The report also advised building long-term relationships with CISA and FBI regional security personnel. Alongside the report, CISA introduced an online toolkit that expands on these recommendations, detailing key actions and providing free or low-cost tools and resources to help K-12 schools quickly reduce their cybersecurity risks and lessen the chances of cyber-attacks.
Funding Challenges
Funding is also crucial. Considering that 81% of K-12 respondents to the NCSR reported struggling with sufficient funding, the approval of the $200 million Cybersecurity Pilot Program for Schools & Libraries should significantly improve the situation. However, professionals in the higher education field must now view data privacy and security as essential components of their institution's digital presence.
Planning for the Future
In 2024, it is clear that the higher education sector needs to plan and implement changes. Technology vendors serving the higher education market also bear growing responsibility. Vendors need to make sure that their products not only meet current regulations but also foresee future privacy requirements, which is something we are committed to addressing responsibly.