Who does a school board or town council hold responsible for cyber hacking or suspicious activity when the attackers are anonymous and the ransom, if paid, is untraceable? Do administrators hold employees accountable for detecting and preventing cyber-attacks? A data breach should be reported to law enforcement, the financial institution and the public if personally identifiable information is exposed to hackers, but many breaches go unreported or, worse, undetected. A second call may go to the insurance carrier that underwrites the cyber risk insurance policy, if one is available. What steps are taken, or should be taken, to strengthen cyber defenses after an attack occurs? Who follows up?
A survey reported in “Education Week” says, “while the K-12 sector has spent heavily on digital devices, software, and bandwidth, investments in cybersecurity have not kept pace. That’s left many district IT departments understaffed and under-resourced—just as they’re being asked to fend off the types of attacks that have overcome well financed corporations like Equifax, Target, and Yahoo. One contributing factor: With so much recent attention and legislation around student-data privacy, many schools have been focused on identifying what information is collected from students and how it is used, rather than on how to keep safe the full scope of sensitive information on their networks.” Note 1
One of the key challenges facing our K-12 schools and municipalities is a growing IT skills gap, especially in cyber skills. According to a recent Global Information Security Workforce Study, the cybersecurity workforce gap is expected to reach 1.5 million by 2020, with 66% of respondents across all industry categories reporting that they do not have enough workers to address current and future cyber threats. The cost of data breaches is also growing. IBM and the Ponemon Institute estimate that the average cost of a data breach in 2018 is $3.86 million.
Managed security service providers, like Digital BackOffice, offer a single-point-of-contact help desk, 24×7 monitoring and expertise in securing the network perimeter and endpoints from cyber-attacks, malware, hacking and ransomware. Prevention is the key to stopping cyber-attacks, and effective prevention requires next-generation tools, experience, training, process controls and a team prepared to take responsibility for managing network security.
• DBO focuses on core competencies with strategic vendor partners.
• DBO employees are level 3 network engineers with cross-industry experience and training.
• DBO takes responsibility for managing the network security platform.
Mandates like PCI, the European General Data Protection Regulation (GDPR), and others make it clear that organizations, including the public sector, can no longer ignore security breaches or blame a breach on a third party and expect to avoid responsibility and liability. Partnering with next-generation managed service providers is the fastest way to protect users and assets from hacking, data theft, ransomware, identity theft and inappropriate sites.
Note 1, Education Week, https://www.edweek.org/ew/articles/2017/11/29/schools-struggle-to-keep-pace-with-hackings.html