As Cybersecurity Costs Rise, How Can K–12 Schools Ratchet Up Protection on a Budget? by Amy Burroughs
Wednesday, March 20, 2024, 08:41 AM
Posted by Administrator
As if the worsening threat landscape weren’t bad enough, K–12 districts also face higher costs related to cybersecurity with the continued rise of ransomware demands, the financial impact of breaches and cyber insurance premiums.Posted by Administrator
To help, the Consortium for School Networking submitted a petition to the Federal Communications Commission in 2021 asking it to expand E-rate funding to cover cybersecurity solutions. In December 2022, the FCC invited public comment on E-rate coverage for advanced firewalls, citing CoSN’s petition as one of the reasons, says Reg Leichty, founding partner of education law firm Foresight Law + Policy.
“Bolstering K–12 cybersecurity will require multiple strategies at the local, state, regional and national levels, but E-rate can play a key part in addressing the problem at scale,” he says.
Meanwhile, a growing number of districts are creatively stretching their cybersecurity dollars. Bulk purchases, virtual CISOs and in-house skill development help IT leaders raise their defenses without breaking the bank.
K–12 Schools Band Together to Boost Buying Power
Located just outside Dallas, the Region 10 Education Service Center is one of 20 ESCs in Texas, which provide a wide variety of services to districts throughout the state. Region 10 serves more than 847,000 students across 120 entities in North Texas, about half of which are considered “small,” says CTO Chad Branum.
Region 10 districts typically have a technology professional on staff, but that person may fill dual roles, and most schools lack a dedicated IT security professional. Larger districts are starting to fund such positions, Branum says, but cybersecurity remains a tall order for one person to manage.
That’s where Region 10 comes in, extending local resources with the buying power of high-volume purchases. By negotiating on behalf of multiple districts, Region 10 can secure enterprise-quality solutions at a fraction of the price that districts would pay on their own.
Endpoint protection is a case in point. When district leaders reported that endpoint security was a major concern, Region 10 worked with CDW to deploy CrowdStrike to the districts that wanted it.
“It gives them the industry-leading endpoint protection solution, regardless of their size,” says Branum. “That shows the power of what a service center consortium effort can do.”
Sharing resources is a great strategy for both consistency and cost savings, says Amy McLaughlin, cybersecurity project director for CoSN.
“When you pool resources, you can make sure that a group of districts are all using a supported, unified set of tools,” McLaughlin says. “A group of districts may also be able to share a few security people or a virtual CISO.”
North Texas Schools Build In Resilience to Protect Against Ransomware
Region 10 also helps member districts strengthen their security in other ways. When districts reported that distributed denial of service attacks were a problem, the ESC came up with a solution: a massive network that connects more than 70 districts across 110 circuits, says Information Security Manager David Mendez.
“It has a 200-gigabit connection that can scale up to a terabit, and it’s all protected,” he says. “So now you have enterprise-grade DDoS protection, whether your district has 800 students or 60,000 students, at an affordable cost.”
That network is the backbone for other Region 10 services that districts can use, including Firewall as a Service and Backup as a Service.
“We built a lot of resilience to help districts should a ransomware attack happen,” says Mendez. “That was layer zero, and now we’re building on top of that.”
This layered defense helps reduce the siloed solutions that districts might implement on their own, says Branum. “All of those other pieces ultimately come together to craft a more holistic solution for our districts,” he says.
Meanwhile, the ESC partners with industry-leading experts and solutions to provide 24/7 monitoring for 15 or so participating districts — thereby filling another crucial gap, Mendez says.
“You can get bond money and find the best equipment, but who’s going to look after it?” he says. “We said, let’s create a solution that affordable for K–12 schools and also enterprise-grade.”
The security operations center’s experts also review districts’ incident response plans to ensure that local teams know how to respond when a breach occurs.
“Our approach as a regional service center has been to find those offerings that can fill a lot of gaps and adding best-practice layers into the portfolio to help mitigate risk as much as possible,” says Branum.
Virtual CISO Provides Valuable Security Insight
When Tom Nawrocki became the executive director for IT at the Charleston County School District in South Carolina, one of his first moves was to hire two separate consulting firms to perform penetration tests, six months apart, to evaluate the network. They weren’t expensive, but they were extremely valuable in terms of insight, he says.
“That really catapulted us into knowing what needed to be addressed and what didn’t,” he says.
Nawrocki tried to hire a CISO, but like many districts, found it tough to compete with the private sector. Eventually, he engaged a virtual CISO instead.
“He helps me prioritize what the security landscape is shifting toward and how we should adjust our goals,” says Nawrocki. The virtual CISO also supports planning efforts, including incident response and disaster recovery.
Frequent vulnerability scanning is key to Nawrocki’s arsenal of cost-effective defense. The virtual CISO runs the scans and prioritizes results for Nawrocki’s team to address.
“He takes all of that off of me and my team,” says Nawrocki.
Increasing the scans carried an initial cost, but it has drastically reduced the number of issues that Nawrocki’s team must manage. “Because of that, I don’t have large events,” he says. “I’m also catching things earlier.”
Building a Security-Minded Team from the Inside Out
Overall, Nawrocki’s goal was to make security part of the culture. At first, that was a paradigm shift, especially for engineers who had never focused on security, but Nawrocki knew he needed a security-minded team.
That’s a smart strategy, says McLaughlin. “Hire people who are connected to the mission of education and who have the skills — but maybe not as much experience — and train them,” she says.
Now, Nawrocki’s team consists of a strategic combination of internal and external people.
“I’d never have just one person who is my go-to guy for all things security,” he says. “I have multiple people whom I trust, who know enough about my system that if I’m ever in trouble and one of them is not available, I can pick up the phone and call the others.”
Note: If this article has helped, please feel free to share. If you'd like to participate and post an article, please send your submissions to info@certificationpoint.org
—————————————---
MARKETING & PROMOTION
—————————————---
Check Out Our Video!
A Smarter Way To Collaborate: https://m.youtube.com/watch?v=hyRxJvIXNR0
Register @ CertificationPoint!
—————————————
https://www.certificationpoint.org/member/index.php?command=signup_page
Find Out More About Student FreelanceWork EXperience Builders
——————————————————————————--------
http://www.certificationpoint.org/stude ... elance.php
Take An Exam Today @ CertificationPoint
——————————--------------------------
http://certificationpoint.net/register.php
APPRENTICESHIPS @ CERTIFICATIONPOINT
——————————-----------------------------------
http://www.certificationpoint.org/Apprenticeship.php
INVESTING IN CERTIFICATIONPOINT
——————————-----------------------
http://www.certificationpoint.org/invest.php
SOCIAL MEDIA
———————
Find us on Twitter: https://twitter.com/@certpointorg
Find us on Facebook: https://www.facebook.com/CertificationPoint
Find us on Google+: https://plus.google.com/117737803640713546061
Find us on Instagram: https://www.instagram.com/certificationpoint/
Find us on Tumblr: https://www.tumblr.com/blog/certificationpoint
Find us on LinkedIn: https://www.linkedin.com/in/certification-point-65a1642b
Find us on Pinterest: https://www.pinterest.com/certoken/
Additional Options For SHARING CertificationPoint
——————————————————-------------
https://www.scribd.com/document/696921433/CertificationPoint-Manifesto
https://www.scribd.com/document/696921430/CertificationPoint-Student-Poster
https://www.scribd.com/document/696921429/CertificationPoint-Student-Flyer
https://www.scribd.com/document/696921428/CertificationPoint-Inc-Course-Catalog-2024
https://www.scribd.com/document/696921427/CertificationPoint-Magazine
add comment
( 143 views )
| permalink
| ( 3 / 180 )