{"id":21098,"date":"2023-01-26T16:10:32","date_gmt":"2023-01-27T00:10:32","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/01\/26\/news-14831\/"},"modified":"2023-01-26T16:10:32","modified_gmt":"2023-01-27T00:10:32","slug":"news-14831","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/01\/26\/news-14831\/","title":{"rendered":"CISA releases advice on how to safeguard K\u201312 organizations"},"content":{"rendered":"<p>To help K&ndash;12 schools and school districts in their struggle against cybercrime the Cybersecurity &amp; Infrastructure Security Agency (CISA) has released the report,&nbsp;<a href=\"https:\/\/www.cisa.gov\/protecting-our-future-partnering-safeguard-k-12-organizations-cybersecurity-threats\" target=\"_blank\">Protecting Our Future: Partnering to Safeguard K&ndash;12 organizations from Cybersecurity Threats<\/a>.<\/p>\n<p>A cybersecurity incident&nbsp;can&nbsp;significantly impact a school or district&rsquo;s ability to carry out its educational mission.&nbsp;Late last year, CISA warned of <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/authorities-issue-warning-about-vice-society-ransomware-targeting-the-education-sector\">ransomware particularly targeting the education sector<\/a>, and less than two weeks ago we reported on multiple schools being hit by a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/multiple-schools-in-uk-hit-by-vice-society-ransomware-attack\">ransomware attack<\/a>.<\/p>\n<p>This report gives insight in the particular threats the K&ndash;12 community is facing and offers actionable steps school leaders can take to strengthen their cybersecurity efforts.<\/p>\n<h2>1. Resource constraints<\/h2>\n<p>When resources are limited, it is important to make sure that the measures you choose to take are the most impactful ones. Important recommendations to that effect are:<\/p>\n<ul>\n<li>Working with technology providers that offer low-cost services and products that are secure by design and default.<\/li>\n<li>Urgently reducing the security burden by migrating to secure cloud environments and trusted managed services.<\/li>\n<\/ul>\n<p>CISA also recommends starting with the security controls that have the highest priority, making sure you align near-term investments with pressing goals and compliance regulations. You should also have a long-term cybersecurity plan that leverages the <a href=\"https:\/\/www.nist.gov\/cyberframework\" target=\"_blank\">NIST Cybersecurity Framework (CSF)<\/a>, a&nbsp;set of guidelines for mitigating organizational cybersecurity risks.<\/p>\n<h2>2. Security measures<\/h2>\n<p>Some examples of high-priority measures provided by CISA, which&nbsp;ring true for most organizations, are:<\/p>\n<ul>\n<li>Deploying <a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\">multifactor authentication (MFA)<\/a><\/li>\n<li>Mitigating known exploited vulnerabilities<\/li>\n<li>Implementing and testing backups<\/li>\n<li>Regularly exercising an incident response plan<\/li>\n<li>Implementing a strong cybersecurity training program<\/li>\n<\/ul>\n<p>CISA recommends that&nbsp;K&ndash;12 organizations adopt its&nbsp;<a href=\"https:\/\/www.cisa.gov\/cpg\" target=\"_blank\">Cybersecurity Performance Goals (CPGs)<\/a>&mdash;a set of cybersecurity practices that, when implemented, &#8220;can meaningfully reduce the likelihood and impact of known risks and adversary techniques&#8221;.<\/p>\n<h2>3. Help each other<\/h2>\n<p>Collaboration and information sharing are both cost-effective and mutually beneficial in order to improve awareness of current threats and how to meet them. CISA provides these suggestions:<\/p>\n<ul>\n<li>Join relevant information and threat intelligence collaboration groups, such as the&nbsp;<a href=\"https:\/\/learn.cisecurity.org\/ms-isac-registration\" target=\"_blank\">MS-ISAC<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.k12six.org\/\" target=\"_blank\">K12 SIX<\/a>.<\/li>\n<li>Work with other information-sharing organizations, such as fusion centers, state school safety centers, other state and regional agencies, and associations.<\/li>\n<li>Build a strong and enduring relationship with CISA and FBI regional cybersecurity personnel.<\/li>\n<\/ul>\n<h2>Toolkit<\/h2>\n<p>CISA has also published a&nbsp;<a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/publications\/K-12-toolkit-24Jan23.pdf\" target=\"_blank\">toolkit<\/a> that aligns resources and materials to each of&nbsp;its three recommendations, along with guidance on how stakeholders can implement each recommendation based on their current needs.<\/p>\n<h2>Malwarebytes<\/h2>\n<p>Many K&ndash;12 organizations operate their own IT systems, known as &ldquo;on premises&rdquo; systems. Such systems require time to patch, to monitor, and to respond to potential security events.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/education\">Malwarebytes can help K-12 organizations<\/a> by combining these tasks and taking them to the cloud.<\/p>\n<p>Read also:&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2023\/01\/5-must-haves-for-k-12-cybersecurity\">5 must haves for K-12 cybersecurity<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/cisa-releases-advice-on-how-to-safeguard-k-12-organizations\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/business\" rel=\"category tag\">Business<\/a><\/p>\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/news\" rel=\"category tag\">News<\/a><\/p>\n<p>Tags: K-12<\/p>\n<p>Tags:  CISA<\/p>\n<p>Tags:  NIST<\/p>\n<p>Tags:  CSF<\/p>\n<p>Tags:  CPG<\/p>\n<p>CISA&#8217;s released a report with recommendations on how to safeguard K\u201312 organizations from cybersecurity threats.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/cisa-releases-advice-on-how-to-safeguard-k-12-organizations\" title=\"CISA releases advice on how to safeguard K\u201312 organizations\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/cisa-releases-advice-on-how-to-safeguard-k-12-organizations\">CISA releases advice on how to safeguard K\u201312 organizations<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[1001,23583,26071,28455,21035,32,11711],"class_list":["post-21098","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-business","tag-cisa","tag-cpg","tag-csf","tag-k-12","tag-news","tag-nist"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21098","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=21098"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21098\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=21098"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=21098"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=21098"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}