From this yearK-12 school districts are the most popular target for cybersecurity attacks, and these attacks are becoming increasingly difficult to protect, according to Brianne Ford, assistant superintendent of information technology at the D Unified School District. ‘Irvine, California. Part of a panel of education technology professionals and policy experts Tuesday at the California IT in Education (CITE) conference in San Diego, Ford and others explained how California’s budget, new education laws State and increased attention could help schools strengthen cybersecurity protections.
Panelists painted a picture of a world of cybersecurity that is rapidly evolving with technological advancements. On the positive side, Ford said, cybersecurity teams can now leverage artificial intelligence to identify and prioritize system vulnerabilities, detect cyber threats in real time and automate incident responses. Additionally, schools can use AI to better track users’ compliance with security protocols, which is important because compromised passwords pose the biggest threat to Irvine Unified’s security, he said. she declared. AI can also be used to train users, particularly for incident simulations.
Ford cited figures of Acumen Research and Consulting she estimates the global market for AI-based cybersecurity products was $15 billion in 2021 and will reach $135 billion by 2030, and she said that was likely an underestimate.
However, attackers are also leveraging the latest technologies, and Ford said advances in threats are outpacing those in protection.
“We’re seeing that the number of investigations that administrators are asking us to do, because of student misbehavior or content being posted about our administrators and teachers, that number is increasing,” she said. “Our ability to give them a sure, definitive answer about who did it and whether it’s real or not is diminishing, and that’s pretty heartbreaking.”
Besides the amount of threats, Ford said his district has seen some surprising uses of AI in recent years.
For example, a student used AI to create a website that looked very similar to Canvas, a learning management system, and then launched a phishing scam targeting the school’s professors to collect their information. connection. Once the student had their login credentials, they would only access Canvas to change a single grade, but Ford’s team had to review 8 million student grade records to ensure that no other notes had been changed. They were able to go through so many records so quickly thanks to AI tools, Ford said, but the incident shows how easy it is for attackers to create realistic, personalized attacks with new technologies, and that Threats can come from within an organization.
Another insider threat, Ford said, comes from some parent organizations, like Moms for Liberty, that use AI to create differentiated responses to surveys and influence policy. They flood the survey with different answers but support the organization’s beliefs, which can make it difficult to decipher what the majority of the community actually wants, Ford said.
Regarding external threats, she said ransomware attacks now often include multiple parties: One attacker infiltrates the school network and compromises data, and another attacker installs ransomware, making it harder to identify and the extinction of the threat.
With all of these changes, the need for effective cybersecurity tools with proven benefits and robust training is greater than ever, Ford said. Purchasing new tools, updating equipment, and implementing professional training and development can be costly, but Barrett Snider and Nick Romley, representing the education lobbying organization Capitol Advisors Groupsaid California schools may soon have the funding and opportunity to do just that.
In California, Proposition 98 guarantees a minimum amount of education funding each year based on income and attendance. When California lawmakers suspend Proposition 98 and choose to fund schools below the calculated minimum, as they did last year, they essentially owe the difference to schools, Snider said.
For the 2023-24 state budget, the Prop 98 guarantee would have required $106.8 billion for schools and community colleges, but they only received $98.5 billion as the state determined that he couldn’t afford the full amount. As the proposal states, the $8.3 billion difference must be paid in one-time payments at a time when incomes are growing rapidly relative to per capita personal income. The state’s obligation in this regard is called the maintenance factor.
According to Snider, the state collected more tax revenue than expected this year because of the improving economy and stock market growth after the presidential election. All indications are that schools will receive one-time funding from the state over the next year, which could be dedicated to advancements in cybersecurity.
Additionally, recent state laws have given schools more control over technology use. Assembly Bill 3216, for example, requires elementary and secondary schools to limit or prohibit the use of devices such as smartphones in school, and Senate Bill 1283 allows schools to adopt a policy limiting or prohibiting the use of social media at school.
According to Snider and Romley, cybersecurity is a good candidate for one-time funding. It can be used to purchase new devices and enter into contracts with technology providers for a period of years, which can help schools navigate this period of rapid progress.
As schools consider using maintenance factor funding to support cybersecurity, Ford and Jeff Pelzel, former superintendent and current director of executive leadership and educational strategy at PowerSchool, said schools should include all of the organization in cybersecurity conversations and develop expectations of the vendors they partner with. .
Ford said cybersecurity vendors should have demonstrated effectiveness and a successful pilot implementation, be transparent about what data they collect and how it is used, explain how their product is sustainable for schools with a budget and a limited staff, and have competent and responsive support staff.
“It’s just not urgent until it happens to you,” Pelzel said.
