A ransomware attack in my home city earlier this summer took systems offline for weeks. Recently, I tried reaching out to the person in charge of cybersecurity for the city and found only a CIO. This is not an anomaly. In fact, resources are scarce for local, state, and tribal governments across the country—a fact that attackers know all too well.
Hiring security staff doesn’t win in the public sector’s battle for budget dollars, especially in the K-12 sector. The Hill reported, “In its 2023 annual survey, the Consortium for School Networking found that just 16% of districts have full-time network security staff, down from 21% last year.” Meanwhile, ransomware continues to plague public school districts.
So, what can government agencies do to improve their cybersecurity postures when at best they might have a single person on the IT team with limited cybersecurity skills? Who is fighting for the security funding that towns, cities, and states need to defend against ransomware and other cyberattacks? These questions were examined at RSAC 2022 in What Do We Owe One Another in the Cybersecurity Ecosystem. As the years have passed, cybersecurity has become a national imperative.
Recognizing the need for federal support, the Biden administration took a step toward strengthening the overall cybersecurity posture of the K-12 sector at a first-ever White House Summit focused on defending against ransomware in US public schools. Amazon has pledged $20 million to this initiative. Additionally, Cloudflare announced, “As part of the Back to School Safely: K-12 Cybersecurity Summit at the White House on August 8, 2023, [Cloudflare’s] Project Cybersafe Schools will support eligible K-12 public school districts with a package of Zero Trust cybersecurity solutions — for free, and with no time limit.”
In other ransomware news, Dark Reading reported that ransomware actors, including the Cl0p family, are increasingly exploiting zero-day vulnerabilities. Join us for an upcoming webcast with Alex Holden, who will dive into MOVEit breach analysis.
Now let’s look at what else made industry headlines this week.
Aug. 10: Security Boulevard reported, “It’s only been three months since the Rhysida ransomware group was detected, but the rising number of victims it’s racked up in such industries as education, manufacturing, and, more recently, healthcare is drawing the attention of cybersecurity pros trying to uncover more information about the operators behind it.”
Aug. 10: A recent survey conducted by Checkmarx found that CISOs are increasingly asked to attend sales-related engagements to verify to potential buyers that their products or services are secure.
Aug. 9: DARPA made a big announcement at Black Hat: “The AI Cyber Challenge will offer nearly $20 million in prizes and includes collaboration from leading AI companies Anthropic, Google, Microsoft and OpenAI, who will make their technology available for the competition.”
Aug. 9: Boston-based cybersecurity firm Rapid7 announced a restructuring plan that would result in a nearly 18% workforce reduction in order to “align the Company’s workforce with current business needs.”
Aug. 9: “A serious data leak has exposed the personal details of police officers and civilian personnel working at the Police Service of Northern Ireland (PSNI), it was confirmed on August 8,” Infosecurity Magazine reported.
Aug. 8: The NIST Cybersecurity Framework underwent revisions to better reflect the current cybersecurity landscape and allow for implementation across multiple verticals.
Aug. 8: The Society of Human Resources Management (SHRM) announced it has joined forces with the National Cyber Workforce and Education Strategy (NCWES), “making its Cyber Resource Kit for HR professionals publicly available to strengthen the talent pipeline for this critical industry.”