FIRST IN MC — K-12 cybersecurity is facing a pop quiz, and the results aren’t looking too promising. A recent first-of-its-kind cyber forum that brought together top officials and tech vendors looks to have exposed a rift between federal initiatives and on-the-ground realities in America’s classrooms, according to a PACE Forum press release first shared with MC. — First things first: U.S. Deputy Secretary of Education Cindy Marten and Deputy National Cyber Director Harry Wingo headlined the Oct. 8 PACE Forum. The gathering was meant to tackle the growing digital dangers facing classrooms, which is already a high-priority item for Washington’s cyber world. — Friction point: Multi-factor authentication faces serious hurdles in schools. Vendors report significant pushback from K-12 customers, especially for privileged accounts. Less secure forms of MFA, like email or SMS-based messages, are often seen as the only viable options in the K-12 context. — Cultural inertia: The resistance to new security measures in schools isn’t just about technology — it’s deeply rooted in institutional culture, according to one expert. Educators and administrators often share the same reluctance to change seen in other public sector roles, said Mike Hamilton, former CISO for the city of Seattle and founder of PISCES, which trains students to become cyber analysts. “Setting aside that school districts are underfunded and must balance priorities just to continue operating, employees can have a sense of entitlement and can be intransigent regarding changes to work conditions,” Hamilton, now CISO at Critical Insight, tells MC, citing resistance to adopting new authentication methods as an example. — Why it matters: Around 55 percent of K-12 data breaches have been linked to compromised vendors between 2016 and 2021. The forum, which was organized by UC Berkeley’s Center for Long-Term Cybersecurity and the Department of Education, aimed to shift the burden on cyber from resource-strapped schools onto tech companies. — A growing threat: K-12 districts have surpassed hospitals, government offices and other public-sector targets to become the most frequent targets of cyberattacks, according to the latest State EdTech Trends report. The number of cyberattacks on schools nearly doubled between 2021 and 2023, those researchers — who consulted with state education leaders in 46 states — noted. — Need more bake sales: Despite cybersecurity topping the ed tech priority list for two years running, the funding well is running dry. Only 8 percent of state leaders believe they have sufficient cyber funds, a sharp drop from 19 percent last year. Meanwhile, 33 percent indicated only a small amount of funding is available up from 15 percent last year. — What happens next: Forum organizers plan to convene a “community of practice” around edtech security. This lines up with the White House’s 2023 National Cybersecurity Strategy , which calls for “the most capable and best-positioned actors” to shield under-resourced organizations from cyber threats. DEVELOPERS ASLEEP AT THE WHEEL — Less than 4 percent of developers globally are involved in Secure-by-Design upskilling initiatives, according to new research out this morning by Secure Code Warrior. While critical infrastructure sectors show higher security postures, researchers warn that the lack of widespread developer engagement could leave organizations vulnerable to attacks. — Show me the money: CISOs are struggling to prove ROI on SBD initiatives, particularly in the early stages. The absence of industry-standard benchmarks has been a key challenge, making it difficult to track progress. — Size doesn’t always matter: The analysis reveals that both large-scale and smaller-scale SBD upskilling initiatives can be successful. The research shows that smaller-scale initiatives can ramp up quickly and run faster. But the kicker? For these initiatives to deliver measurable ROI sooner, a mandate has to be in place. — Vulnerability reduction is real: When upskilling initiatives are firmly established, the payoff is significant. Developers within large upskilling programs (7,000+ developers in a single company) can predictably reduce vulnerabilities by 47-53 percent. — (Former) government weighs in: Chris Inglis, former National Cyber Director, doesn’t mince words: “Now more than ever, we have a national responsibility to ensure SBD upskilling programs are in place.” Former acting National Cyber Director Kemba Walden echoes the sentiment, calling for enhanced SBD initiatives across digital infrastructure to reduce critical vulnerabilities. “This research issues a clear call to action for upskilling personnel and creating benchmarks to meet critical cybersecurity goals,” Walden said.
|
No comments:
Post a Comment