(844) 627-8267
(844) 627-8267

Iowa City schools investing more in cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

The Iowa City Community School District is investing in more cybersecurity measures as cyberattacks increase in K-12 schools across the nation.

“We’re attacked hundreds or thousands of times a day,“ said Adam Kurth, Iowa City schools’ chief financial officer and former director of technology for the district. ”To my knowledge, we have never had an attack that’s been successful in our district.“

That may be true for the Iowa City district, but several school districts across Iowa — including Cedar Rapids and Linn-Mar — have fallen victim to cyber and ransomware attacks in recent years.

Many schools don’t have significant resources dedicated to cybersecurity. Yet school systems have confidential data on students and staff, including names, addresses and Social Security numbers. That information can be valuable to hackers, Kurth said.

Aaron Warner, founder and Chief Executive Officer of ProCircular, a computer security service in Coralville, said the company sees an “uptick in attacks” three days before the first day of school.

“Education is very sensitive to time,” Warner said.

Cedar Rapids, Linn-Mar attacks

The Cedar Rapids Community School District identified a ransomware attack on July 2, 2022. Personal information from staff was included in data stolen, and information about 8,790 individuals may have been compromised in the attack.

The district canceled its summer school the following week, impacting more than 750 children enrolled in programs.

The district paid an undisclosed amount of ransom to the criminal group that attacked its computers — a payment that likely was “absolutely necessary” but is recommended in fewer than 2 percent of cases, Warner said last year.

A month later, the Linn-Mar Community School District reported a “computer breach.”

Kurth said the cyberattacks to neighboring schools “heightened” his concern, but he doesn’t think it put the Iowa City school district more at risk.

“I don’t generally worry the district down the street being hit with an incident is going to heighten our risk,” Kurth said.

The attacks are being orchestrated “almost exclusively” overseas and attackers are not targeting any one specific area of the country, he said.

Iowa City adds protection

Last month, the Iowa City school board approved a $254,300 three-year contract for ProCircular to provide additional cybersecurity services to the district.

Those services include managed extended detection and response services, continual monitoring, incident response services and monthly check-ins to discuss best practices and remediation strategies.

This gives Iowa City schools access to an expert who can help the district evaluate its cybersecurity policies and procedures. The services will strengthen the cybersecurity mitigation practices the district already has in place, Kurth said.

Overall, Kurth estimates the district spends about $450,000 a year on costs associated with cybersecurity, including paying for its information technology staff.

“I think very few districts are spending at a level required to have an adequate level of protection,” Kurth said. “I don’t think we’re there either. There are all sorts of things on my cybersecurity wish list we can’t afford right now.”

The Cedar Rapids school district declined to speak with The Gazette about its cybersecurity plans, and the Linn-Mar district did not respond to requests for an interview. Neither district has disclosed how much its spends on cybersecurity.

Iowa laws

Iowa is slowly strengthening its cybersecurity laws.

It wasn’t until this year that Iowa had a law — Senate File 203, called the Computer Spyware, Malware and Ransomware Protection Act — making it illegal to launch cyberattacks in Iowa, said Warner, who served as a board member of the Technology Association of Iowa’s public policy committee, which advises on issues and policies.

The Iowa Legislature this year also approved House File 553 — signed into law by Gov. Kim Reynolds — that provides liability protections to businesses that voluntarily adopt cybersecurity best practices and reduce their vulnerability to cyberattacks.

“Cyberattacks are a major threat to industry and individuals across the state,” said Mollie Ross, vice president of operations at the Technology Association of Iowa. “It’s not if, it’s when there’s an attack.”

One way to “build resiliency” against cyberattacks is by educating employees on how to identify suspicious activity such as phishing, Kurth said.

Phishing is the fraudulent practice of sending emails or other messages that appear to be from a reputable source to get people to reveal personal information, such as passwords, bank account numbers and credit card numbers.

Iowa City schools — like many businesses — filters emails, so the majority of phishing attempts will be blocked.

“Most phishing attacks are intercepted and don’t get to the intended recipient,” Kurth said. “Some do, and every now and than an employee will contact the Help Desk” — information technology assistance — “with a suspicious email. We can take action to know where it came from and prevent it in the future.”

Comments: (319) 398-8411; [email protected]


Click Here For The Original Source.

National Cyber Security