FBI warning for districts
In a December 10 advisory, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that cyber actors have been targeting K-12 distance learning education -- causing disruption and stealing data -- and will continue to do so throughout the 2020-21 school year.
The advisory indicates that malicious cyber actors are targeting K-12 educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020-21 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.
The FBI and CISA encourage districts to have what they call “business continuity plans,” or a plan for what the district would do to maintain essential functions during emergencies, like cyberattacks. By planning now for these possibilities, districts can identify and fix issues. The FBI and CISA also suggest districts review or establish patch plans (plans for making sure software is kept up to date), security policies, and more to ensure districts address current threats posed by cyber actors.