Today, an important joint advisory was released for the K-12 community from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC):
The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.
While this may not be breaking news for those who follow the work of the K-12 Cybersecurity Resource Center – as we have been documenting the rise of school cybersecurity incidents for years – the alert offers some important context and advice. Perhaps most pertinent of which is advice on how to seek help when a K-12 cyber incident is experienced:
To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office at www.fbi.gov/contact-us/field. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting organization; and a designated point of contact.
To request incident response resources or technical assistance related to these threats, contact CISA at Central@cisa.gov.
To learn more, you can read the full alert (“Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data”) online or copied below. And, if your school district is looking for further support on cybersecurity issues, be sure to consider joining the newly-launched K12 Security Information Exchange (K12 SIX).