Update: According to the Indiana Department of Education, this grant is to be chosen by lottery if more than 40 grant applications are received. We urge you to seek the most appropriate vendor for this endeavor, as well as to take the time to understand your options rather then expedite a contract.
Cyber security in schools isn’t a new concern—it’s just one that’s taken understaffed school districts valuable time and resources to wrap their heads around. Cyber security threats to education, specifically in the K-12 arena, are on the rise nationwide, as threat actors continue to pursue vulnerable state and local institutions that are stretched too thin to properly monitor their organizations.
In the last two years alone, there have been more than 300 cyber security incidents at K-12 schools in the United States, allowing hackers unwanted access to personally identifiable information (PII) that is stored on district servers, networks, and on school websites. Medical records, credit card numbers, and student bus routes, addresses, and images are all susceptible to data breaches.
But perhaps even more alarming is the recent rise in “ransomware” attacks being waged against K-12 and higher education institutions. Attackers are finding any way they can to monetize their exploits, including the installation of denial of service programs and crypto currency miners that can steal processing power away from school operations. Such attacks, like the ones on school districts in New York, Texas, Florida, and New Jersey, force districts to spend time and money they don’t have in order to restore order to their daily operations.
Unfortunately, for most K-12 Superintendents and IT professionals, any of these types of disruption to operations at a district level can be followed by many months of unwanted stress and financial consequence. As we have seen with breaches in the healthcare and retail sectors, cyberattacks in the education space often result in hefty non-compliance penalties, staff burnout and turnover, classroom disruptions, and loss of trust in the administration’s ability to protect students and faculty online.

Technologies, Cyber Threats More Sophisticated Than Ever

As the use of technology in classrooms continues to increase and evolve, so too will the sophistication of cyber security threats. More so than ever before, school districts are seeking out and relying on 24×7 cyber monitoring, threat hunting and detection, mitigation, and incident response to protect them from damaging internal and external threats.
The Indiana Department of Education just announced a cyber security grant match opportunity, available to up to 40 Indiana public school districts that apply by June 15. More details here.
So, what can IT professionals and school Superintendents do to better protect their districts? First, know your limitations. Despite the fact that cyberattacks are on the rise, many schools have inadequate monitoring and response tools and lack the educational training that is needed, district wide, to prevent them. And once you have assessed your capabilities, be sure to find the right cyber security partner.
When choosing a cyber security firm, be on the lookout for:

  • active, real-time monitoring of the school network environment
  • 24×7 eyes-on-screen security operations support
  • ability to assimilate and correlate data from your existing technologies and tools
  • proven service experience with multiple organizations
  • threat hunting and response capabilities, to include Network Coverage (Network Traffic Analysis); Monitoring and Analysis of correlated system event logs (SIEM or SIEM as a Service); Advanced Endpoint Management at the host level (Next generation host hunting and antivirus); and Vulnerability Management

With the right partner in place, your district will be better protected from emerging cyber threats and more in tune with emerging technologies and compliance regulations.

Customizing Your Cyber Security Solution

A trusted partner to the state of Indiana with a proven track record of success in the education space, Pondurance has the talent and tools to help your district extend its security capabilities and improve its security posture. In partnership with your team, we can help you to protect your district’s educational and personal data, as efficiently, and cost- effectively as possible.
We provide custom solutions, based on each client’s unique needs, and we can easily plug into your existing technologies and monitoring tools. If you are interested in learning more about common security threats in education and best practices for preventing costly breaches and infections, please contact us via email or join us for our upcoming Indiana K-12 Cyber Security Solutions Webinar on May 22.
Pondurance k-12 cyber security webinar | Tusday may 22nd, 3PM