In The Age Of AI-Enabled Attacks, Should Every School Have A CISO?
Hari Ravichandran is the CEO and Founder of Aura, a leader in intelligent safety for families.

We in the business and tech world talk a lot about the future of work, workforce development and the importance of STEM education. But we don't often think about what's going on in our education system unless you have a school-aged child.

Surprisingly to some, the cybersecurity, tech and education worlds are more intertwined than ever before, and not always in a positive way. This is because, unfortunately, schools have increasingly become targets for cyberattacks.

A report (download) from the U.S. Government Accountability Office (GAO) found that school districts lose between $50,000 and $1 million on average from cyberattacks, and recovery takes two to nine months on average. Schools are right up there with the energy, transportation and water sectors, as well as hospitals, as critical infrastructure, but for too long their cybersecurity needs have been neglected and deprioritized.

Since 2020, when the Covid-19 pandemic made many classrooms virtual, our education system has become increasingly dependent on technology. Unfortunately, bad actors and hackers have taken advantage of schools' online learning and recordkeeping systems. In 2021, education data breaches hit a record high, with 771 institutions and nearly 26 million records impacted, according to Comparitech researchers. These often come from hacking and ransomware attacks on schools, as well as third-party breaches like that of major edtech companies. And as we're seeing across industries, wide access to artificial intelligence (AI) is making it easy for cybercriminals to generate highly personalized, unique attacks at scale.

The consequences are arguably even worse than your average cyberattack on a business: classes and school operations are often put on hold for days, and the sensitive personal information of minors is compromised. Beyond just personally identifiable information (PII) like birthdays and addresses, things like medical records, home issues, behavioral observations and financial information of students have been stolen and publicly disclosed on the dark web.

Fortunately, our leaders have started to do something about this crisis. In August 2023, the White House convened a meeting with education stakeholders to discuss how to strengthen the nation's schools' cybersecurity. That meeting resulted in several strong commitments to investing in the cyber resilience of schools, including new guidelines for educational leaders to strengthen their schools' cyber infrastructure against attacks.

With nearly 100,000 schools around the country, this is a lot of ground to cover, and it's clear that there isn't a centralized voice considering the privacy and safety risks of new educational technology. Often, action isn't taken until it's too late. Something needs to change.

On a broad scale, we can look to the examples of companies involved in the White House initiative, many of which are offering subsidized and free resources as well as training for schools. But we need more than this. Each school and school district has unique needs and should have a dedicated leader to manage its cybersecurity.

As public awareness about cybersecurity continues to grow and high-profile school data breaches appear in the news, parents are going to start demanding more proactivity and protection from schools. This is why, in our increasingly digital age, schools should have CISOs.

A school CISO would be responsible for taking stock of a district's existing policies, assessing edtech products purchased by the district and implementing best practices. Here are some key priorities for someone in that role to consider:

- Reviewing privacy policies and data breach protocols of edtech products.
- Creating a strong PII access policy to safeguard both employee and student information stored by a school.
- Ensuring that there's secure Wi-Fi in school buildings.
- Establishing a safe personal device policy for students and teachers.
- Training staff to recognize the signs of a phishing attack.
- Setting a school's data breach or ransomware response protocol.

At the same time, schools should be implementing standard programs that teach students good digital hygiene, like how to make strong passwords and use two-factor authentication (2FA), how to spot scams and predators online and how to detect phishing emails and texts. These programs should complement robust efforts to maintain cybersecurity training for staff and proactively establish response plans in the event of a data breach or security incident.

The Cybersecurity and Infrastructure Agency (CISA), in a report earlier this year, recommended that school districts and state boards of education consider appointing CISOs, or at least cybersecurity personnel, to ensure that schools are stepping up in protecting children's data and the continuity of education. Budget remains a concern and barrier to implementation in many cases, but with the exponential growth of cyberattacks targeting educational institutions, these efforts must be prioritized. Parents, businesses, educators and the government must all work together to take a critical and proactive look at this situation to ensure that our children can learn safely without the threat of cyberattacks.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.