The K-12 Cyber Incident Map
The K-12 Cyber Incident Map, a visualization of publicly disclosed school cyber incidents from 2016 to present. Maintained as a public service by K12 SIX.
ContraForce, a SaaS cybersecurity platform based in McKinney, TX, was notified yesterday of a security breach in a local intermediary school district. Seesaw—the popular EdTech platform used by the district—experienced a major cyber attack, affecting the district along with other schools across Illinois, New York, Oklahoma, and Texas.
The messaging app, used to enable communication between students, parents, and school administrators, was infiltrated by an unknown threat actor. An explicit photo was sent through the platform with a bit.ly link, raising concern across parents and teachers alike.
Seesaw has over 10 million users and is actively used in more than 75% of schools in the United States, according to their website.
In early January, Illuminate Education, a leading provider of student-tracking software exposed sensitive data of over three million current and former students.
Then in May, a ransomware attack on Chicago Public School (the third-largest district in the country) exposed four years' worth of records of nearly 500,000 students.
Baltimore Public School District just paid over $8 million dollars to recover from their 2021 data breach.
While similar headlines frequent the news, it is unknown how much student data is actually impacted with no mandated reporting in the education space. With the information known, K-12 is expected to experience one cyber incident per school day.
The need to protect student data is critical.
Understanding The Data at Risk
School systems are privy to massive amounts of personal data— for students, records consist of demographic information, disabilities and Individual Education Plans (IEPs), mental health and medical history, counseling records, and more. For teachers and administrators, this also includes salary information, HR records, and other private data.
Schools are more reliant on technology than ever, largely due to the COVID-19 pandemic and the increase of EdTech software used both in and outside of the classroom. This dramatically increases the ability of cybercriminals to infiltrate the school's network, users, devices, and cloud applications— providing access to a wide array of additional targets, including the EdTech software itself and its respective customers.
"The pandemic led to an explosion of EdTech products for schools in a very short time span, and we are still seeing the effects of that influx of products today," says Beth Ferrigno, CEO and Founder of Innovative Instructional Solutions. "Schools look for convenience and academic purpose, while data privacy and security take a back seat. Moving forward, district leaders will need to consider cybersecurity as they purchase new solutions and uncover the tools that don't meet stricter standards."
Making Cybersecurity More Accessible
From the education sector to government facilities and every industry in between, cybersecurity is a daunting task. Even large, enterprise-level businesses struggle to keep their businesses secure (including Samsung, T-Mobile, and Twitter, to name a recent few). With an oversaturated market and an inevitable learning curve for IT teams, cybersecurity management is less accessible despite being more critical than ever.
Adding insult to injury, cybersecurity solutions are infamously expensive. The average cyber security professional in the United States is over 117,000 dollars, and there's a severe tech talent shortage: there will be an estimated 3.5 million unfilled security jobs by 2025, per Cybersecurity Ventures.
For entities prepared to invest in cybersecurity tools, identifying the appropriate tech stack (and whom to manage the tech stack) is a heavy lift. Most schools rely on Microsoft Office 365 or G-Suite, along with antivirus software, a slew of EdTech SaaS applications, and more.
"Cybersecurity isn't a nicety, it's a necessity," says Stanislav Golubchik, CEO and Co-Founder of ContraForce. "Most school systems, especially public school districts, lack a healthy IT department, let alone a team of dedicated security analysts. We need to make cybersecurity more accessible by closing the learning gap and creating cost-effective solutions."
To help support school districts combat cyberattacks, ContraForce is offering free support with its cybersecurity automation platform. Interested parties can reach out via email at [email protected].
Vice President, Marketing
Press Release Service by Newswire.com
Original Source: Massive Uptick in Cyber Attacks Puts Student Data in Grave Danger
This news story originally appeared at IT - Social Gov on 15 September 2022