Evolving Security Threats Require Evolving Solutions for Today’s Schools and Districts
According to the 2022 State of K-12 Cybersecurity: Year In Review, there were 166 cybersecurity incidents affecting 162 school districts in 38 states. Oddly—considering the sophistication of cyberhackers—this was fewer than in years past, perhaps due to school-district response to the COVID pandemic and the fact that school districts are being forced to implement commonsense cybersecurity controls as part of insurance conditions. One of the reasons, however could be that K-12 cyber incident public disclosure requirements have relaxed, meaning that this reduced number of incidents could simply be under-reporting.
Regardless, there’s no denying that the world of cybersecurity has evolved to match the advanced, persistent threats our schools face. Just ten years ago, placing a firewall on a network was enough to adequately protect them from data loss. With threats growing in number and sophistication, many organizations are finding that traditional security products are less and less capable of protecting their networks. This is driving the need for a different approach to security.
As essential as email and internet access are for modern education, hackers view these as a door into a school’s networks and sensitive information. Spam filters have gotten better at stopping unsolicited and undesirable emails, but the variety and ingenuity of attacks is growing.
The rapid adoption of hybrid cloud and modern architectures has resulted in a loss of visibility and control for many schools and districts. Devices are proliferating and the network perimeter has all but disappeared, leaving school IT teams struggling to protect their students, educators, and administrators.
Moving Perimeter Targets
More data, users, devices, applications, and services are being used outside of the traditional school, which means the perimeter is no longer a location; it is a set of dynamic edge capabilities delivered when needed as a service from the cloud. It also means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources.
The National Institute of Standards and Technology's (NIST) Cybersecurity Framework (CSF) helps schools and districts to better integrate and align cybersecurity risk management with broader risk management processes. The Framework consists of five phases/concepts: Identify, Protect, Detect, Respond, and Recover: provide a comprehensive view of the lifecycle for managing cybersecurity risk over time.
In July 2021, President Biden signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems: intended to supplement the NIST Cybersecurity Framework. This baseline set of cybersecurity practices is broadly applicable across critical infrastructure with known risk-reduction value and serves as a benchmark for critical infrastructure operators to measure and improve their cybersecurity maturity.
Another highly effective cybersecurity philosophy is a Zero-trust mindset. This includes having modern technologies in place such as Identity and Access Management (IAM). In addition, schools must build a security framework for enabling secure and fast cloud adoption to ensure that both users and devices have secure access to applications, data, and services anywhere and anytime through Secure Access Service Edge (SASE).
Microsoft Security Solutions for Education
By identifying strategic issues, assessing the impacts of policies and regulations, leading by example, and driving groundbreaking research, Microsoft promotes a more secure online environment for schools through powerful solutions. Microsoft is the industry leader for customer advocacy and privacy protection and has the broadest set of compliance certifications, having invested $20 billion in security research and development involving over 3,500 cybersecurity experts. Microsoft models its security tools on the Zero Trust mindset that assumes breach and minimizes risk.
Firstly, Microsoft 365 A5 provides a comprehensive suite of tools that helps ensure safety and compliance. A5's optimal security is ideal for educators, students, and administrators while A3's standard security is ideal for substitute teachers, aides, and other support staff.
Microsoft multifactor authentication (MFA) adds a layer of protection to the sign-in process and helps protect your organization against security breaches. Microsoft Authenticator— part of Microsoft’s MFA solution—is a password tool that helps to eliminate 99.9% of identity attacks, while the Microsoft Edge browser protects against phishing attacks. In fact, according to CyberRatings.org, the Microsoft Edge browser has been reported to block the most phishing and malware attacks of common browsers.
Key Steps for Security Success
An endpoint security conversation proactively addresses the following key steps.
- Assess needs: To implement the best endpoint protection strategy to boost security and reduce network risk, a school will need a clear picture of assets needing protection.
- Once we’ve assessed the types of devices that need protection and where they reside, it’s time to determine the most appropriate way they’ll be managed.
- After examining what assets need protection and how they’re managed, the next step is looking at threat detection and how a school will respond.
As technology develops and advances, cybercrime will increase in frequency and sophistication, with many schools and districts at risk. By answering the following questions, schools can find the cybersecurity solution that works best for them: protecting vital information and invaluable learning time.
Leading Questions Questions
Chief Information Security Officers (CISO) should ask themselves:
- How is my district preparing to address malware and ransomware encounters?
- What are the security and compliance policy gaps in our system? How might we identify and resolve these issues?
- How does data transparency impact our users today, when they graduate, and into their adulthood?
Schools used Elementary and Secondary School Emergency Relief (ESSER) Funds received in 2020 to accelerate learning, often purchasing devices. Years later, districts are refreshing the devices that were initially purchased. Help them maintain a safe and engaging environment for teaching and learning with built-in anti-virus solutions included in Windows 11 student devices.