"K-12 Schools Lack Resources, Remaining Top Target for Cyberattacks"

According to a new report published by the Center for Internet Security (CIS), the K-12 sector remains a top target for cyberattacks, despite the improvement of security capabilities over time. The CIS report reveals that the education sector lags behind other sectors in cyber maturity due to limited internal resources for defense against threat actors, with nearly a fifth of K-12 schools spending less than 1 percent of their Information Technology (IT) budget on cybersecurity. It also discovered that 81 percent of K-12 schools do not fully implement multi-factor authentication (MFA), and 29 percent do not use MFA at all. The report follows the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) hosting a national summit on K-12 school safety and security to address the industry's complex threats. During the event, Jen Easterly, director of CISA, stated that ransomware is one of the most impactful and persistent threats targeting K-12 schools and districts, which is consistent with the CIS report. CISA recently launched an information channel to share ransomware-related resources in response to the increasing frequency of ransomware attacks. Aside from ransomware threats, the report discovered that Shlayer and CoinMiner were two of the top malicious malware targeting K-12 entities in the last year. Shlayer targets Apple macOS devices, acting as a dropper for other macOS malware designed to spam victims with online ads, whereas CoinMiner mines for coins using Windows Management Instrumentation (WMI). According to Easterly, these threat actors are not "discriminatory" and target schools of all sizes and locations. This article continues to discuss the targeting of K-12 schools by cyberattacks and efforts to improve K-12 sector security against cyberattacks. 

SC Magazine reports "K-12 Schools Lack Resources, Remaining Top Target for Cyberattacks"