This article has been indexed from The Duo Blog
Getting K-12 schools online during a pandemic was difficult enough. To make it even harder, schools are dealing with rising volumes of cyberattacks. These incidents come from all directions: criminals targeting schools to make money from stolen personal information and compromised emails; insiders looking to disrupt classes and online meetings; and opportunistic attacks that take advantage of unprotected systems.
What’s the Current Threat Landscape?
The number of publicly disclosed cybersecurity incidents affecting K-12 school systems rose by 18% in 2020 over the previous year, according to The State of K-12 Cybersecurity: 2020 Year in Review report by the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange.
The top kinds of attacks were:
- 45% Denial of Service
- 36% Data Breach/Leak (75% of these involved vendors and other partners)
- 12% Ransomware, increasing in severity over previous years (including extortion)
K-12 schools also saw an increase in disruptive cyberattacks (most of which were conducted by those with legitimate access) which did not meet the definition of a breach, but nonetheless caused concern:
- Class invasions (Interrupting online class sessions)
- Meeting invasions (Interrupting online board meetings)
- Email invasions (For example, using email to bulk-share disturbing images)
These incidents are alarming, disruptive and costly. Some ways that they impact schools and their communities include:
- Disruption of teaching and other school activities
- Financial loss due to business email compromise
- Cost of ransomware payments, and related recovery activities
- Data theft of students and employees, leading to credit card fraud and identity theft
- Exposure of children to disturbing content
Why are K-12 Schools a Target?
K-12 schools are resource limited, particularly for up-to-date technology and security solutions. They rely on a small number of IT staff who wear multiple hats, often with limited security experience. These teams support large personal data repositories, including historical student records and personally identifiable information. Organizatio
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Leveraging Zero Trust to Protect K-12 Communities from Cyber Threats