Skip to main content
close search
site logo
Dive Brief

K-12 schools lack resources, funding to combat ransomware threat

Published Nov. 14, 2022
David Jones's headshot
Reporter
A row of blue lockers in an empty school hallway.
During the Cybersecurity and Infrastructure Security Agency's National School Safety Summit on Tuesday, experts outline best practices to keep in mind for school violence prevention efforts. Stock Photo via Getty Images

Dive Brief:

  • K-12 schools remain a major target for malicious cyberattacks, according to a report released Monday from the Multi-State Information Sharing and Analysis Center. Schools are a potentially lucrative target for stealing data and financial gain but largely unprepared to mitigate such activity. 
  • The average school spends about 8% of its IT budget on cybersecurity, the report found. But 20% of schools spend less than 1% of their IT budgets on security. 
  • K-12 schools have an average maturity score of 3.55, based on the Nationwide Cybersecurity Review risk-based scale of 1 through 7.

Dive Insight:

The report comes weeks after the Cybersecurity and Infrastructure Security Agency announced a plan to enhance the implementation of cybersecurity basics in local communities, with a focus on hospitals, local utilities and schools

CISA Director Jen Easterly said that many of these organizations are target rich and resource poor; they present lucrative sources of personal data that can be used by threat actors, but lack the necessary expertise, modern technology and funding to protect themselves against increasingly sophisticated threat actors. 

Schools tend to be the targets of both financially motivated and hacktivist-type threat actors and they often target schools with ransomware attacks, according to Karen Sorady, MS-ISAC VP of member engagement. 

Ransomware is the most damaging type of attack in terms of downtime and total cost for schools — it can take months to remediate, with costs easily surpassing $1 million. 

“These types of attacks can lead to disruption of education as well as access to private data on thousands of teachers, staff and students, including health records, home addresses and dates of birth,” Sorady said via email. 

The emphasis on K-12 schools comes as many of these facilities are hosting full-time, in-person education for the first time since before the coronavirus pandemic began in 2020 and students can ill afford a major disruption of classes. 

In September, the Los Angeles Unified School District was targeted by a ransomware attack that researchers and authorities linked to the Vice Society, a group that leaked stolen data on the dark web. 

Filed Under: Strategy, Threats

Editors' picks

Company Announcements

View all | Post a press release
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell