This year has proven itself challenging in every way in terms of school security, especially when it comes to fending off cyber criminals. From high-profile ransomware attacks to leaks of confidential student and staff data on the dark web, K12 has seen it all.
But that can change.
Three years after its release, the Cybersecurity and Infrastructure Security Agency for the first time updated its #StopRansomware guide this week as ransomware and double extortion continue to plague K12 schools.
For some, this may be a much-needed refresher course ahead of the 2023-24 school year considering the number of targeted cyberattacks, experts warned leaders.
In partnership with the FBI, National Security Agency and the Multi-State Information Sharing and Analysis Center, the guide reflects on lessons learned over the past several years in addition to some recommendations leaders should consider for keeping their student and staff data secure. The recommendations cover best practices for ransomware and data extortion prevention as well as a checklist district and IT leaders can follow.
More from DA: Do school districts stand a chance suing social media giants?
What’s new?
As cyber criminals continue evolving their tactics, it’s imperative for schools to stay one step ahead to mitigate the risk of ransomware. To maintain relevancy and maximize effectiveness, CISA added some of the following changes to its guide:
- For the first time, the FBI and NSA have been added as co-authors for their contributions and insight.
- Implemented recommendations for preventing common initial infection vectors, including advanced forms of social engineering and compromised credentials.
- Updates to recommendations for addressing cloud backups and zero trust architecture (ZTA).
- Expanded its ransomware response checklist to include threat-hunting tips for detection and analysis.
- Mapped recommendations to CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs).
“This document is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, respond, and recover, including step-by-step approaches to address potential attacks,” according to CISA’s website.
