There’s been a lot of activity this week on education cybersecurity. Starting with the federal student aid CISO begging the government to make cyber incident reporting for higher education institutions to be at the same standard as K-12 institutions, and a recent report from the GAO criticizing the U.S. Department of Education for not sufficiently coordinating communication between school districts and the feds on cybersecurity.
Stan Golubchik, Co-Founder and CEO, ContraForce, works directly with K-12 and higher education institutions to detect attacks and incidents. In response to Educause’s annual conference, specifically the education department and federal student aid office CISO on cyber incident reporting, Stan says:
“While there are over 9,000 EdTech tools in the K12 space, it is unknown how many tools are actually used in Higher Education (HigherEd institutions are not held to the same standards of reporting as K12). This is precisely why the government is begging HigherEd to report on cyber attacks— because today, there is no reason for private colleges to report anything to anyone.”
“With the proliferation of remote education and SaaS applications, colleges struggle with knowing when incidents occur due to the distributed educational footprint. They lack visibility to security threats when they occur, and lack effective incident response plans and systems. With loose regulations on what should be reported in times of a breach, colleges will struggle to not only gather the information needed for reporting a breach but to understand what information is needed and how to communicate it.”
It’s pretty clear that cybersecurity within education needs to be a key focus as this is where threat actors will focus as the education sector tends not to have the same resources available for cybersecurity versus other organization. Effectively making them soft targets. Any sort of soft target needs to be eliminated so that everyone is safer as a result.
Like this:
Like Loading...
Related
This entry was posted on November 3, 2022 at 3:01 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
EdTech Cyber Expert Comments On Governments Hyper Focused K-12 & HigherEd Cyber Response And Reporting Activity/Efforts
There’s been a lot of activity this week on education cybersecurity. Starting with the federal student aid CISO begging the government to make cyber incident reporting for higher education institutions to be at the same standard as K-12 institutions, and a recent report from the GAO criticizing the U.S. Department of Education for not sufficiently coordinating communication between school districts and the feds on cybersecurity.
Stan Golubchik, Co-Founder and CEO, ContraForce, works directly with K-12 and higher education institutions to detect attacks and incidents. In response to Educause’s annual conference, specifically the education department and federal student aid office CISO on cyber incident reporting, Stan says:
“While there are over 9,000 EdTech tools in the K12 space, it is unknown how many tools are actually used in Higher Education (HigherEd institutions are not held to the same standards of reporting as K12). This is precisely why the government is begging HigherEd to report on cyber attacks— because today, there is no reason for private colleges to report anything to anyone.”
“With the proliferation of remote education and SaaS applications, colleges struggle with knowing when incidents occur due to the distributed educational footprint. They lack visibility to security threats when they occur, and lack effective incident response plans and systems. With loose regulations on what should be reported in times of a breach, colleges will struggle to not only gather the information needed for reporting a breach but to understand what information is needed and how to communicate it.”
It’s pretty clear that cybersecurity within education needs to be a key focus as this is where threat actors will focus as the education sector tends not to have the same resources available for cybersecurity versus other organization. Effectively making them soft targets. Any sort of soft target needs to be eliminated so that everyone is safer as a result.
Share this:
Like this:
Related
This entry was posted on November 3, 2022 at 3:01 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.