DECEMBER 29 – The number of reported cyber incidents in K-12 schools and districts in the U.S. stands at 1180. Covid-19 and the introduction of remote and hybrid learning have only made cybercrime more frequent and sophisticated in the education sector. In the past 30 days, Microsoft Security Intelligence has seen 8,253,516 devices in the education industry encounter malware, making education the largest affected industry in front of retail, healthcare, and high-tech.  That number will only increase in the new year.

The K-12 Cybersecurity Act of 2021 was passed by President Biden on October 8th. This legislation comes as a direct response to the growing rise in ransomware and data breaches occurring in K-12 education, as found by the Government Accountability Office (GAO).

From the day of its passing, the director of the Cybersecurity and Infrastructure Security Agency (CISA) is to conduct a 120-day study into the specific risks impacting K-12 institutions.

60 days after the study, the director will develop a list of recommendations, including cybersecurity guidelines designed to assist K-12 institutions with potential crimes.

120 days after this, the director will then develop an online training toolkit for K-12 superintendents and officials, both to inform them of the recommendations of the study and to provide strategies on how to implement those recommendations.

Last year, the K-12 Security Information Exchange (K-12 SIX) reported the types of incidents and growing threats present in 2020. Cybercrimes included: Data breaches, class invasions/denial of service, ransomware, and phishing. Such common incidents occurring recently range from holding personal student information for ransom to hijacking a superintendent’s board meeting to project racial slurs.

One explosive incident occurred in March with Buffalo Public Schools, where hackers were able to shut down classes for days, steal sensitive student and employee information, and destroy vital school records. This attack resulted in a $10 million pay-out. A recent exclusive found that IT staff were cautious of an attack months prior, but due to bad judgment and an absent cyber insurance policy, they failed to stop the attack.

The transition into hybrid working has shifted the priorities of IT staff and cybersecurity managers, creating a brittle environment in which they have little experience of working. These attacks have followed a distinct pattern, in which specific types of cybercrime have been identified. The range and scope of these incidents have also been tracked across America.

A team of researchers at CompariTech studied data breaches in U.S. schools across 15 years. The highest number of recorded breaches were found in Nevada with 717,626 exposed records.

Districts most affected included Washoe County (114,000) and Clark County (559,487), both were hit by the Pearson data breach, as were many around the U.S. Regarding ransomware attacks, CompariTech found Nevada again to be the most affected, followed by Texas, Virginia, and Maryland. From both data breaches and ransomware attacks, big school districts have been affected the most by cybercrime.

Dr. Hanine Salem, a managing director at Novus Consulting Group (NCG), who has over 20 years’ worth of experience in public-sector development, explains what types of schools are most exposed to these incidents. “According to research from the K12 Security Information Exchange: larger school districts are at a significantly greater risk for experiencing a cyber incident than other types of school districts, as are school districts located in more densely populated parts of the county. It reports that there are a few reasons that might explain this pattern. First, larger school districts manage more technology devices and systems than smaller enrollment districts and have more students and employees using that technology. Smaller enrollment translates to offering a smaller threat profile to malicious actors and a lower chance of being affected by user actions (whether intentional or by mistake). Second, incidents that occur in smaller school districts may be less likely to become publicly disclosed than in larger, more urban school districts.”

Interestingly CompariTech found no incidents of breaches in Wyoming. According to Governing, Wyoming has one of the smallest numbers of school districts (48), and lowest student enrollments (92,563). These numbers are in parallel to high-risk states like California and Arizona, which were hit the hardest with data breaches. Their total number of districts are (941) and (226), respectively.

There is a clear pattern indicating that schools and districts that deal with a larger number of students, thus larger volumes of information, are most affected by cybercrime.

Dr. Hanine Salem explains how schools are not doing enough to protect and inform students about the cybercrime affecting them.

“With federal funding as a result of COVID, right now, schools have a unique opportunity to pay for training courses like the Cyber Citizenship course.” Said Dr. Salem. “If a school, is improving cybersecurity to better meet the educational and other needs of students related to preventing, preparing for, or responding to COVID-19, it may use Elementary and Secondary School Emergency Relief Fund (ESSER) funds.”

NCG’s Cyber Citizenship course was designed to teach students the fundamentals of cyber security and how to stay safe online when using technology. Non-governmental cybersecurity platforms have been tirelessly providing online resources and information on cybersecurity since before the pandemic, and have only been developing their services. K-12 SIX has their K-12 Cybersecurity Resource Center, which provides an up-to-date map of recorded cybercrime incidents in K-12 schools, and a cybersecurity self-assessment service intended for K-12 IT and cybersecurity managers. Fortinet and Dell Technologies also provide cybersecurity software and information for K-12 schools and districts, with solutions for network and cloud security. Along with these companies, there are numerous courses available online concerning K-12 cybersecurity and how to stay safe online from Coursera to Udemy.

EdTech companies are holding the fort for both assisting schools with their security and teaching students about cybercrime.

“Students need to learn to be their own best defense against cybercriminals. Children and youth are often considered to be soft targets, mainly because they have not yet been trained on basic cybersecurity subjects and ways to protect themselves and their devices, making them an easy gateway into the more valuable home and school devices and networks.” Said Dr. Salem.

The results of the CISA director’s study will be revealed in early 2022. With a large amount of information and resources available online from EdTech companies and organizations, the government can provide K-12 schools with a stronger line of defense from recurring cybercrime.

Featured Image: Mikhail Nilov. 

The post The K-12 Cybersecurity Act of 2021 and The State of Cyber Crime in Education appeared first on eLearningInside News.

Even before the pandemic forced everyone inside, our culture was slowly but surely drifting towards the integration of technology. For proof of this, look no further than the development of smartphones and the subsequent generations of the most popular models; each one sleeker, more efficient, able to connect us to the digital world quicker, and with the ability to run applications and perform vital functions more smoothly. All of this is in the palm of our hands 24-7, nevermind the proliferation of devices like laptops and tablets; The next generation was practically born with a tablet in their hands, and if memory serves, tablets are actually being developed for children, albeit with an educational bent.

With the advent of the fourth industrial revolution, it’s likely that the future of the working world also lies in digital spheres. Amidst a labor shortage brought on by the pandemic, it’s employees that can work in these spheres and assist corporate colonization of these places that are in the highest demand. If you’re one of the individuals looking to remake their lives in the aftermath of the pandemic, switching career paths to something more likely to make money as time goes on, you may want to consider a career in the technological sphere.

While not an exhaustive list of the jobs and opportunities out there, this article seeks to give you a jumping-off point for selecting your next career, with a couple of options to serve most personality types and work styles.

Let’s take a brief tour of careers that will be more secure as technology continues to develop.

App Developer: An Entrepreneurial Gold Rush

While hardly the most stable option on this list, there is a lot of money to be made in the app development market should you succeed. App development centers are coming up with an idea that will patch an existing hole in the market, building a marketable program around it, and then attempting to (essentially) go viral, attaining a skyrocketing amount of downloads and frequent users. The problem with this is that you can never be sure what will catch on; The app market is famously fickle, and even if your app does manage to get attention, it’s unlikely that your user base will continuously use it for long.

However, you can circumvent this problem, should you choose to go down this path, by using application program interfaces or APIs. APIs allow your software to integrate with an already existing framework of programs used by customers, adding functionality and longevity to your application. APIs such as weather APIs can turn your application into a swiss army knife of useful functions, making it more likely that your consumers view your app as vital or necessary to keep on a device.

UX or UI Web Designer: Architects of the Net

A more stable career option might be becoming a user experience (UX) or user interface (UI) web designer. Both of these categories of web design work together to design products that consumers will find easy to navigate and visually appealing, and both are in high demand as corporations look to renovate their shabby websites and expand their online presence. Web designers get paid around $60,000 annually on average, and with the variety of job opportunities available post-pandemic, creative people with programming know-how might want to consider this extremely lucrative career opportunity.

Cybersecurity Specialist: Protecting and Serving

Cybercrime has been a problem ever since the inception of the World Wide Web, with ne’er do wells looking to take advantage of the new platform to steal from the vulnerable; this has only gotten more true as technology has developed and become more sophisticated. In fact, cybercrime is projected to hit just under $1 trillion in global losses as of 2020, with the pandemic providing ample opportunity for these criminals to thrive. As such, cybersecurity officials have never been in higher demand as businesses attempt to protect their assets and data from digital pirates.

Rake in the Profit

As technology continues to evolve and businesses try to expand their influence in digital spheres, officials with the know-how and the qualifications to help companies adapt to digital culture will become more and more valuable. Take advantage of the opportunities created by this national labor shortage; Switch to a career in the digital sphere today.

Featured Image: Anthony Shkraba. 

The post 21st Century Careers: The Technological Revolution and Viable Career Paths appeared first on eLearningInside News.

As Covid variants make the current school year for both K-12 and higher education a continued balance of hybrid and in-person learning, education institutions are staying firmly in the crosshairs of cyber attackers. Just recently, Stonington Public Schools in Connecticut was forced to bring in a wave of the third-party breach investigation, mitigation, and response experts — and even seek assistance from the FBI — after it fell victim to a ransomware attack. And before that, an attack on Howard University that compromised its network and rendered WiFi unusable forced the school to cancel all its online and hybrid undergraduate classes.

Indeed, when vulnerable schools fall into the hands of crafty cyberattackers, the fallout is often dismal from both a monetary and reputational standpoint, but also because of the severe inconvenience caused too. A concerning reality for teachers, administrators, and IT teams across the country as they seek to protect the post-Covid classroom, where distance learning will undoubtedly remain in some capacity for the foreseeable future.

And while the Biden Administration’s recently signed K-12 Cybersecurity Act is a positive step forward for schools preparing for the future, the state of cybersecurity in education is one with a lot of room for improvement. Because the reality is that every educational institution is under more pressure than ever before to protect its endpoints against attackers who are becoming harder and harder to detect. The number of U.S. educators who say hackers targeted their school or institution is multiplying year-over-year is evidence of this, with the number of K-12 schools attacked jumping from just 9% in 2020 to 21% in 2021.

Unfortunately, there are warning signs that this is only going to get worse post-pandemic. Here are three lessons to help school districts and universities reverse this, and strengthen their classroom cybersecurity.

School Boards Need to Speak Up on the Cyber Threats Endangering Classrooms

The cybersecurity crisis has dominated headlines almost as long as Covid has. Yet, it seems like school boards have been relatively lax when pulling together a strategy to thwart attack attempts — or even talk to their teachers about the severity of the crisis. According to Morphisec’s 2021 Education Cybersecurity Threat Index, which surveyed 500 U.S. educators to gauge how increasing cyberattacks have impacted them, just 17% of superintendents or chancellors and 15% of school boards have expressed concern about the threat of ransomware to their institution.

This silence is placing students’ and teachers’ data at even greater risk, as school boards’ delay in educating their staff about the escalating consequences of cyberattacks means some educators are probably not aware of how damaging they have become. This silence also leaves their school or institution more susceptible to attack. Cybercriminals will likely have more vulnerabilities to exploit within a district or organization that doesn’t treat cybersecurity with the sense of urgency it deserves.

In the post-Covid classroom, where hybrid learning will be a long-term reality, superintendents, chancellors, and school boards must become more vocal on the cybersecurity issues threatening continuous learning and the safety of their most sensitive data. Failure to do so will undoubtedly have negative consequences, something the laxest districts and institutions shouldn’t wait to find out after they become a victim of a cyber attack.

IT Teams Must Call into Question Their Vendors’ Security Hygiene

This year’s supply chain attacks like the devastating SolarWinds and Kaseya breaches will go down in history as among the largest cyber attacks. They’re also becoming increasingly popular, due to how they allow attackers to target hundreds or even thousands of organizations by infiltrating just one. Data from the Identity Theft Resource Center (ITRC) shows that supply chain attacks increased 42% in the first quarter of 2021 and impacted about 7 million people in the U.S. This is why it’s unsurprising that 40% of U.S. educators believe third-party vendors pose the biggest cybersecurity risk to their school or institution, more dangerous, they say than students (31%), faculty (24%), and parents (5%).

These concerns are certainly substantiated, with a March attack on Austin ISD proving that schools remain vulnerable to their third-party vendors’ security flaws. Austin ISD was breached when one of its technology providers, PCS Revenue Control Systems, was hacked. Even the SolarWinds attack, which prompted a probe from the U.S. Securities and Exchange Commission, affected several colleges and universities, including Kent State University, The University of Texas at San Antonio, and Iowa State University. Meanwhile, Kaseya’s breach disrupted learning and forced 11 schools in New Zealand offline.

With the frequency of these types of attacks likely to increase — alongside the damage, they have the potential to inflict — IT teams and education decision-makers need to put more pressure on their third-party vendors to boost their cybersecurity protocols.

Decision-Makers Need to Allocate More Cybersecurity Resources to IT

Schools and education institutions across the country have been trying for too long to fend off attackers with few resources. A reality that has disproportionately impacted public schools and state colleges, whose funding sources are far less prominent than larger, private institutions. As mentioned prior, this is something the current Administration is addressing through the K-12 Cybersecurity Act and also within its $1 Trillion Infrastructure Bill, which has set aside money for state and local governments and school districts to protect themselves from worsening threats. Yet the question remains as to whether or not these districts and institutions will leverage this funding. As it turns out, some don’t have the best track record.

According to Morphisec, just 18% of U.S. educators say they’re aware of their educational institution or school inquiring about government grant programs and initiatives designed to assist them with implementing strong cybersecurity standards and protocols. This is despite 44% stating that they believe providing their IT department with more resources would be most valuable to their school to handle cybersecurity. The current cybersecurity landscape is far too dangerous for it not to be a top budget priority. And in truth, investing in an effective security strategy is a lot less costly than falling victim to ransomware, with the average victim spending more than $2 million on remediation costs alone.

However, tackling this crisis is most definitely a collaborative effort between school boards, administrators, educators, and students. They must all educate themselves on the specific threats targeting their counterparts across the country. There must be pressure from parents too, who have demanded little of their children’s educators until now. (Only 18% of K-12 and higher-ed educators say that more parents have inquired about their institutions’ cybersecurity policies over the past year-and-a-half of remote-first learning versus the prior 18 months). As these learning institutions prepare for the post-Covid classroom, reducing their attack surface within in-person and remote learning environments must be prioritized.

Featured Image: Sigmund, Unsplash

The post The State of Education Cybersecurity: 3 Lessons for Protecting the Post-Covid Classroom appeared first on eLearningInside News.

Last week, the Federal Bureau of Investigation (FBI) issued a PSA regarding student cybersecurity. The announcement warns of the growing threat to student data as more and more learning goes online.

In today’s age, cybersecurity is always a concern. From network admins to average civilians who simply shop online, protection of personal data needs to remain an ever-present worry. And that is no more so than with K-12 learners who, increasingly, travel the hallways of the internet at school and at home to pursue their education.

From log in information to personalized learning software, students are frequently asked to provide networks with personal data. The FBI identifies these as:

• personally identifiable information (PII);
• biometric data;
• academic progress;
• behavioral, disciplinary, and medical information;
• Web browsing history;
• students’ geolocation;
• IP addresses used by students; and
• classroom activities.

The list is not exhaustive. While federal laws, such as the Family Educational Rights and Privacy Act (FERPA) generally stipulates that parents need to give consent before a school can collect their child’s data, there are numerous loopholes and workarounds. 

FBI Confirms Numerous Recent Cybersecurity Threats in Edtech

Fear is always a strong motivator, and there are many cases in which parental concern over student data collection appears overblown. With the PSA from the FBI, however, this is an issue that should be treated seriously. The announcement details recent cases of district data breaches.

“In late 2017, cyber actors exploited school information technology (IT) systems by hacking into multiple school district servers across the United States,” the PSA reads. “They accessed student contact information, education plans, homework assignments, medical records, and counselor reports, and then used that information to contact, extort, and threaten students with physical violence and release of their personal information. The actors sent text messages to parents and local law enforcement, publicized students’ private information, posted student PII on social media, and stated how the release of such information could help child predators identify new targets. In response to the incidents, the Department of Education released a Cyber Advisory alert in October 2017 stating cyber criminals were targeting school districts with weak data security or well-known vulnerabilities to access sensitive data from student records to shame, bully, and threaten children.”

NEWS: @FBI raises alarm about risks to students from data collection by technology in schools, warning of potential "malicious use" of data that are part of "the widespread collection of sensitive information by #EdTech."https://t.co/zqjd06CDWQ

— Benjamin Herold (@BenjaminBHerold) September 13, 2018

Edtech companies, according to the FBI, are no less secure.

“Cybersecurity issues were discovered in 2017 for two large EdTech companies, resulting in public access to millions of students’ data. According to security researchers, one company exposed internal data by storing it on a public-facing server. The other company suffered a breach and student data was posted for sale on the Dark Web.”

The announcement calls specific attention to classroom gadgets and IoT devices–which are growing popular in classrooms–and how they tend to be easy ports of entry.

“EdTech connected to networked devices or directly to the Internet could increase opportunities for cyber actors to access devices collecting data and monitoring children within educational or home environments. Improperly secured take-home devices (e.g. tablets, laptops) or monitoring devices (e.g. in-school surveillance cameras or microphones), particularly those with remote-access capabilities, could be exploitable through cyber intrusions or other unauthorized means and present vulnerabilities for students.”

What You Can Do to Prepare

For a recommended course of action, the FBI says the following:

• Research existing student and child privacy protections of the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Online Privacy Protection Act (COPPA), and state laws as they apply to EdTech services.
• Discuss with their local districts about what and how EdTech technologies and programs are used in their schools.
• Conduct research on parent coalition and information-sharing organizations which are available online for those looking for support and additional resources.
• Research school-related cyber breaches which can further inform families of student data vulnerabilities.
• Consider credit or identity theft monitoring to check for any fraudulent use of their children’s identity.
• Conduct regular Internet searches of children’s information to help identify the exposure and spread of their information on the Internet.

Featured Image: J. Edgar Hoover Building, FBI headquarters, Washington, D.C. Cliff, Flickr.

The post FBI Warns of Increasing Cybersecurity Risks at School appeared first on eLearningInside News.