As Students Go Back to School Threat Actors Go Back to Work

School systems are at high risk for cyber attacks because threat actors know they are traditionally underfunded and understaffed, meaning many vulnerabilities may remain open.

Once in, hackers have access to incredibly valuable and personal information on children and their families, leading to ransom requests. In fact, the education sector is now the number one sector for ransomware attacks, with a 44% increase in the past year.

The eye-opening statistics don't stop there.

  • The education sector sees an average of 2,297 attacks weekly.
  • By the end of 2021, nearly one in three U.S. districts had experienced a breach.
  • The monetary losses to school districts following a cyber incident range from $50,000 to $1 million.
  • Six months into 2023, at least 120 schools faced a ransomware attack, compared to 188 in all of 2022.

Continue reading

The Highs and Lows of Strengthening the Federal Workforce

The federal government has put an emphasis on the need to strengthen the federal workforce. A strong federal workforce is one that is diverse in terms of race, gender, age, and experience. It is also made up of people with the skills needed to utilize and innovate with modern technologies. The results of diversity and hiring efforts have been mixed, providing insight into what really works in recruiting and retaining a strong federal workforce.

Help Wanted = Data Wanted

NASA has been working on improving the diversity of its workforce for over a decade. However, a recent report showed that despite all of the focus and effort, little progress has been made. The report found that demographics of NASA's workforce remain mostly unchanged since 2012 with only small increases of 1% to 2% for some demographic groups. NASA continues to lag behind the general federal workforce demographics with women making up 35% of the NASA workforce as compared to 45% of the general federal workforce. Women make up only 25% of NASA's scientific workforce compared to women holding 31% of scientific jobs elsewhere in government. Continue reading

Department Spotlight: Department of Homeland Security

The mission of the Department of Homeland Security (DHS) may seem straightforward - protect the homeland - but in practice a lot goes into fulfilling that promise. DHS is an incredibly complex organization with a set of agencies that, while focused on the singular mission of keeping America safe, do so in incredibly diverse ways. The Department has laid out six core missions that all support the effort to secure the nation.

Recent efforts of DHS highlight their commitment to these goals. Continue reading

Cybersecurity Awareness Month 2022: See Yourself in Cyber

Since 2004, The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) have led a collaborative effort (at the direction of the President and Congress) to raise cybersecurity awareness nationally and internationally. Marking October as Cybersecurity Awareness Month, individuals and organizations are given the tools to ramp up their cybersecurity education efforts. The theme for 2022 is "See Yourself in Cyber," putting the people aspect of cybersecurity front and center.

This focus on people is two-fold. First, there is the individual and personal responsibility each of us has to understand good cyber hygiene and conduct ourselves online in a way that protects the networks we depend on. Second, there remains a huge gap in the number of cybersecurity professionals and the number of roles that need filled. The "See Yourself in Cyber" theme invites more people to see their roles and skills in a cyber light, creating a bridge across the cybersecurity skills gap. Continue reading

Schools Have to Learn the ABCs of Ransomware

Ransomware has traditionally been a practice where cybercriminals encrypt data and demand ransom in exchange for a decryption key. More recently, a growing number of these bad actors threaten to make this information public if they do not get paid. This shift in the practice of ransomware has increased the "attractiveness" of K-12 schools for cyber criminals. Information about children is among the most highly protected data there is, making it more likely ransoms will be paid to keep it private. For this and other reasons, K-12 schools are seeing an increase in ransomware activity. In 2021, there were at least 62 reported ransomware cases as compared to only 11 in 2018. 2021 also saw ransomware as the most common cyber incident for K-12 schools for the first time ever.

What Gets Compromised in a Ransomware Attack?

An incident in 2020 involving Fairfax County, VA Public Schools resulted in employee social security numbers being posted online. Hackers targeting a school district in Allen, Texas emailed parents with threats to expose their childs' personal information if educators did not pay a ransom. Showing the full swing of ransomware impacts from the serious to the mundane, a 2022 attack on the Griggsville-Perry School District in Indiana had many records compromised and leaked including a detention slip from December 2014 for a student who would not stop interrupting his health class. This shows the breadth of access that hackers had to documents and has led many schools to reexamine their file retention policy to reduce the amount of data accessible to bad actors. Continue reading