Cloud Hosting

The K-12 Report breaks down the cyber risks faced by public schools across the country and is sponsored by the CIS (Center for Internet Security) and the MS-ISAC (Multi-State Information Sharing & Analysis Center).

Published to prepare K-12 leaders with the information to make informed decisions around cyber risk, the report provides a data-driven analysis of what went well, what could be better, and what exactly is threatening our K-12 schools.

The MS-ISAC is federally funded by CISA and a division of the CIS.

What security risks are K-12s concerned about?

When considering the security concerns facing K-12 school districts, respondents stated their top five as:

Compounding these vulnerabilities are the real-world risks that these schools face. As listed in the report, they are:

The problems facing K-12 schools are roughly the problems we see across the board, but in these data-rich and resource-poor" environments, the sensitive, personal nature of whats at stake makes the situation all the more critical.

How prepared are schools to meet them?

This year, schools earned just over 50% in Average Cyber Maturity with a passing grade in Identity Management and the highest participation rate for K-12 school districts in the NCSRs 10-year history. Noting an overall 3% YoY increase in maturity scoring, schools are off to a good (albeit very gradual) start.

Lets review the high points. Schools performed well in:

Now, lets look for areas of opportunity. Referenced to a relevant NIST Cybersecurity Framework Category, these are the areas in which schools were generally performing poorly:

Just like eight out of ten schools were cyber insured, its interesting (and perhaps logical) that in an area where trained cyber professionals are hard to come by and there has been no historical groundwork for cyber infrastructure, the areas in which schools are performing the best are the ones leveraging the skills they already have (teaching, communicating, policy adherence).

Its fair to say this is one piece of evidence that schools are doing the best and in some cases, all they can. While a lean towards these security soft skills leaves some obvious technical gaps, this bias could prove an unlikely advantage. As the Verizon 2022 Data Breach Investigations Report notes, 82% of breaches are the result of human error, and tightening up that margin through security awareness and governance could be a small way to shut a large door.

How can schools improve their security posture?

In addition to some focused efforts on remediating the above areas of opportunity, there are a few things K-12 schools can do across the board to get those security grades up. They were listed in the report as follows:

In its final pages, the report outlines a host of free cybersecurity resources available to schools and districts looking to improve their security posture. Admittedly, its a new world for many of these organizations, and MS-ISAC, among others, is an organization committed to protecting what K-12 institutions have to offer.

The good news? This is just a pop quiz. If school administrators take the time to study, they can be ready for the real test. A test, hopefully, no school will have to face.

Editors Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Link:
The K-12 Report: A Cybersecurity Assessment of the 2021-2022 ... - tripwire.com