Ari Flewelling (right), Professional Development Manager for CDW Education, hosted a cybersecurity panel at CITE 2022.

Nov 30 2022
Security

CITE 2022: Overcome Security Challenges and Prepare for 2023’s Growing Threats

Experts discussed the ways K–12 IT leaders can approach common cybersecurity hurdles, such as the lack of funding and support for stronger security measures.
Associate Editor Rebecca Torchia
by

Rebecca Torchia is a web editor for EdTech: Focus on K–12. Previously, she has produced podcasts and written for several publications in Maryland, Washington, D.C., and her hometown of Pittsburgh.

K–12 schools are facing high stakes when it comes to cybersecurity. Cyberattacks not only put student and staff data at risk, but they’re also expensive and can threaten a district’s reputation. News of successful K–12 ransomware attacks spreads quickly, which may be one reason district IT leaders are looking for any way to mitigate the threats.

The interest in cybersecurity was evident in Long Beach at this year’s California IT in Education conference. Security-focused breakout sessions at CITE 2022 filled quickly, and Wednesday’s keynote featured cybersecurity expert John Sileo.

Experts in cybersecurity sessions spoke at length about how to overcome current challenges to building a stronger security posture in K–12 schools, including the need for additional resources and stakeholder support.

Click the banner to stay up to date on CITE coverage when you sign up as an Insider.

CITE 2022 CITE 2022

Invest in Security Resources to Proactively Avoid Cyberattacks

If increasing, high-profile ransomware attacks didn’t emphasize the need for stronger cybersecurity measures, cyber insurance requirements did. However, in a panel discussion Tuesday called “Identifying the Risks and Challenges of Cybersecurity,” hosted by CDW Education’s Professional Development Manager Ari Flewelling, speakers discussed why, often, meeting insurance requirements alone isn’t enough.

“There’s a difference between a checkmark in an audit box and mitigating risk,” said panelist Steven Allison, a field CISO at CDW.

It’s better to pay for a more comprehensive security solution because, while it might be more expensive, it won’t be nearly as costly as a successful cyberattack. If there is a breach, the money will be there. “It takes the incident to create the incident-based spending,” Allison said, but IT departments can try to get that money for prevention.

School districts can also stretch their cybersecurity budgets by bringing in security consultants instead of hiring full-time staff. Many districts are finding it difficult to fill vacant security positions because K–12 institutions can’t pay these specialists as much as the private sector can. However, bringing in a part-time virtual CISO or other security consultant can give districts an expert’s perspective without busting the budget.

REVIEW: Read about the IT leadership and newest technologies at the CITE 2022 conference.

Educate Stakeholders on Cybersecurity Risks and Solutions

Acquiring the necessary funding up front for cybersecurity is often a matter of getting the right stakeholders to understand the risks cyberattacks pose.

“There needs to be support from the top,” said Jon Carrino, director of technology services at William S. Hart Union High School District. “When resources aren’t available because there’s no support from the school board or superintendents, those initiatives become impossible.”

One challenge is that, frequently, board members, superintendents and other administrators don’t have an IT background. This makes it more difficult to convey the importance of proactively mitigating risks.

“Make sure you’re able to communicate the ‘why,’” said Brandon Weber, IT director for the Lancaster School District, adding that it can be helpful to collaborate with the teacher’s union and its leaders. “If they’re on your side, things go far more smoothly.”

Are These the Top Threats in 2023?

One benefit of the recent spotlight on cybersecurity in K–12 education is that it could lead to more resources to help schools defend against emerging threats, said Bob Turner, field CISO at Fortinet.

Turner shared his company’s predications on the future of cybercrime Wednesday morning in his session, “A Case for Cybersecurity Operations in Education.” Defending against new attack vectors is especially important as the threat landscape expands, he said, with cybercriminals targeting Linux, operational technology, esports, edge technology and more.

Here are cyberthreats schools can expect to see in 2023:

  • Ransomware and Wiper Malware: Ransomware will remain popular but may become more destructive with the addition of wiper malware, which can erase an infected hard drive, deleting its data.
  • Weaponized Artificial Intelligence: Threat actors may use deepfake technology to greatly enhance social engineering attacks.
  • Crime as a Service: After investing time and energy into profitable attack vectors, some cybercriminals are banding together to offer Crime as a Service to buyers who are willing to pay to attack an organization.
Photography by Rebecca Torchia

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now