“If it hasn’t happened to them yet, districts tend to think there’s no need to invest the money,” said Scott Augenbaum, a retired FBI Special Agent in the Cyber Division and author of The Secret to Cybersecurity: A Simple Plan to Protect Your Family and Business From Cybercrime. He led a session alongside fellow cybersecurity experts Denise Caccavari, William Cirone and Christopher Infante at the Future of Education Technology Conference (FETC) in Orlando Thursday.
“But then it does, and when it does, the likelihood of recovering any data or funds that are stolen is very low,” Augenbaum said. “And the likelihood of catching and arresting the thieves is even lower.
Cybercrime was a $3 trillion problem in 2015 and that has now doubled, becoming a $6 trillion in 2021 that is only expected to rise, according to Cybersecurity Ventures.
“During my career with the FBI I dealt with over 1,000 cybercrime cases, and unfortunately, a lot of those were K-12 schools,” he said. “I’d go out and try to explain to them about cybercrime and ask if they were concerned, and they would say, ‘Well, we’re just a little school district, we’re not metro Nashville school district.’
“The cybercriminals do not care who you are,” he added. “They aren’t concerned about the size of your organization. They still want to target you. None of my victims ever expected to become a victim. They were all completely blown away when it happened.”
One problem is that very little sophistication is required to pull off a cybercrime. And because it’s been so important to try to give students, teachers and staff easy access to what they need–in the past two years especially–the focus on keeping that information secure has fallen by the wayside. Part of that has to do with IT staff lacking the funds and the bandwidth to concentrate on that side of it, which is one major reason that schools need to support funding cybersecurity measures.
Another reason K-12 is in the crosshairs is that the criminals know schools are underfunded and undersupported, making them the perfect potential victims.
“The reality is that most cybercrime I’ve dealt with easily could have been prevented,” Augenbaum noted. “What keeps you up at night? What are your concerns? And if 90% of that could easily be prevented, why are we not focusing on those things?”
The experts emphasize that there is no silver bullet, no one piece of hardware or software and no one company you can hire that will offer a holistic solution. “If anyone comes to you to sell you a solution and says that, it should be a major red flag,” Infante noted.
What it comes down to is there is not a clear understanding of this crisis, Augenbaum said. Here are five mportant things that must happen as soon as possible:
– Districts need to understand the state’s data privacy laws to ensure students’ and staff’s private information is secure.
– Know how to keep your data safe, such as using two-factor authentication.
– Districts have to prioritize funds to pay individuals to do the work, although it is expensive beyond salaries, such as the necessary tools. Hiring entry-level people can be less expensive but retention is often a problem
– Work to dash the legacy mindset that the enemies are being kept at the gate. Most likely they are already making their way through. Multiple layers of security are necessary, not just firewalls or anti-virus software or even a combination of two or three.
– Take a partner approach to educating districts how and why it is important to address this issue proactively, and immediately, rather than trying to figure it out without expert input.-