Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, today announced that Chandler Unified School District is providing its more than 5,200 faculty and staff with Fortinet’s information Security Awareness and Training service to build cyber awareness and to further strengthen the district’s security posture.
Tied with the White House National Cyber Workforce and Education Summit in July, Fortinet announced the expansion of its existing Security Awareness and Training service to K-12 school districts across the United States free of cost. Chandler Unified School District joins other districts across the U.S. reaping the benefits of Fortinet’s free service offering, enabling them to build a cyber-aware workforce and improve their skillsets to avoid breaches at educational institutions.
Chandler Unified School District Selects Fortinet’s Cyber Awareness Training
Chandler Unified School District has seen the value of Fortinet’s service and is deploying it across the district to provide its faculty and staff with skill sets and knowledge that could prevent them from falling victim to popular cyber adversary methods, such as social engineering attempts, helping to reduce their cyber risk.
Colleen Flannery, Chief Technology Officer for Chandler Unified School District shared, “With more than 5200 staff and faculty logging in from both school and personal devices, it’s important everyone has the skills to recognize social engineering and other popular attacks. Cyber criminals don’t discriminate against the education sector, which presents a real need to ensure all our faculty and staff are cyber informed and know best practices. There’s no reason why a public school district should pass up this opportunity Fortinet is providing free of cost to use their award-winning training curriculum to instill must-have cyber skill sets. More than ever, cybersecurity is everyone’s job, and we want all our school members to practice this in their day-to-day online activities.”
Building Cyber Awareness in K-12 School Districts
Many K-12 school districts are rapidly transforming their networks to implement e-learning and other digital programs to enhance student learning across distributed campuses. As part of school districts’ digital transformation, it is critical that schools implement the right security solutions with integrated and comprehensive protection to keep the large amounts of personally identifiable information (PII) they store secure. At the same time, as the first line of defense, it is also essential for all school district employees to have a fundamental cyber awareness knowledge in order to spot any threats or cyberattacks.
To address this need, Fortinet offers its Security Awareness and Training service at no cost to all K-12 school districts in the U.S., and has updated the training for this offering to be education-focused, aligned with NIST 800-50 and NIST 800-16 guidelines. This initiative will help more than 8 million staff and faculty members across the country.
Validation as a Certified Cybersecurity Training Program
Providing further validation, local governments are recognizing Fortinet’s Security Awareness and Training service customized for school districts as a certified program, including the Texas Department of Information Resources, who added the service to its list of approved and certified cyber training options as part of the statewide employee requirement for cyber awareness training.
Rob Rashotte, VP of Global Training and Field Enablement at Fortinet said, “As the first line of defense, it is critical that school faculty and staff are able to identify and report threats to keep sensitive data and information secure. Fortinet’s Security Awareness and Training service, with customized learning content for school districts, will help develop cyber-aware culture to prevent these institutions from falling victim to cyberattacks. Making this service free to K-12 school districts in the U.S. is part of the Fortinet Training Institute’s initiative to make training more accessible to help close the cyber skills gap. We are excited to see additional validation from local governments that are making this service a certified program as part of their approved list of cyber training programs for employees.”
By Bob Turner, field CISO for education, Fortinet.
Education technology leaders are continuing to fight the cybersecurity battles. Microsoft reports that education accounted for over 80% of enterprise malware encounters since late February 2022. Sophos ranks education No. 3 in ransomware, with close to 500 attacks occurring in 2021.
While many universities are joining consortiums that provide security operations services, those institutions that have an active Security Operations Center (SOC), are reporting benefits including quick and effective response, decreased costs of breaches and operations, active threat prevention, improved communication and coordination, and availability of security expertise when they need it.
While there is forward motion aimed at providing safe and secure internet experiences for students and faculty, more can be done. With the cost of cybersecurity tools and talent, many programs are “best effort” and usually performed by IT staff who are not full-time security professionals.
Forward-leaning colleges and universities may have managed security services or have invested in a small team of security-focused staff. Others join with partner institutions or state level security operation centers and receive early warning information, allowing them to focus efforts when threats are reported. The rest are still struggling to rationalize the cost for any dedicated security operation.
Data breaches, ransomware attacks and other cyber incidents carry the potential for significant financial damage, among other problems, so colleges and universities have been investing for over a decade in improved talent, cutting edge cybersecurity tools, and continual testing of security controls. They’re also grappling with the need to protect research information and research budgets while also meeting increased compliance requirements that come with sponsored research.
Federal guidelines for protection of sensitive research and administrative data such as the National Institute for Standards and Technology 800-171, the Capability Maturity Model Certification (CMMC), and healthcare information protection laws are major motivators for improved cybersecurity given that personal and regulated data gathered under research projects must be protected.
As if the education system hasn’t already dealt with enough difficult change in the past two years as a result of COVID-19, the shift to remote/hybrid school also laid bare the cybersecurity gaps faced by many districts. Bad actors took advantage of already vulnerable systems and struck hard.
Ransomware attacks have been relentless. There were a record-setting 408 publicly disclosed cybersecurity incidents in 2020 in the K-12 sector, across 40 states, according to the State of K-12 Cybersecurity: 2020 Year in Review. Numbers for 2021 are still being finalized, but given what we’ve seen in terms of ransomware and cyber incidents overall, we expect them to be even higher.
Steps are being taken at the federal level; Joe Biden signed into law late last year the K-12 Cybersecurity Act to provide schools with more resources. But as we move further into 2022, ransomware attacks are still being perpetuated against schools even as districts try to bolster defenses. It can be hard to know where to focus first, so let’s examine some of the key things security IT teams should consider this year.
Uncertainty creates opportunities for bad actors
This year will experience the heightened cybersecurity threat level that the last two years saw. The year is still young, but we’ve seen schools across the country revert back to virtual learning as a result of the Omicron variant. Those types of shifts can too often open up potential opportunities for bad actors to strike, as cybercriminals operate on a “kick ‘em while they’re down” mindset. And we’ll continue to see malicious actors evolve their methods as needed to bypass or fool current cybersecurity efforts and continue their successful attack campaigns.
Circumstances make it clear that the focus for districts and schools must now become transitioning the short-term actions they initially took – both to facilitate virtual learning and combat cyber risk – into longer-term and more strategic cybersecurity approaches.
The disruptions to our society due to the coronavirus pandemic include significant impacts to education. Universities and colleges around the world have had to adjust to the reality of remote learning, at least for the foreseeable future.
The nation’s largest four-year college system, California State University, announced in May that instruction will primarily be conducted online this fall, and many other institutions are following suit. It’s now estimated that 70% of students are currently engaged in some form of online education.
This shift to digital learning has introduced a steep learning curve that many institutions that were unprepared for. Schools are working quickly to not only build the curriculum and content necessary to support online courses, but to also build the distance learning infrastructure needed by faculty and students to ensure simple and seamless remote access to this content. The challenges are, how to do this at scale, and how to do it securely.
The need to provide distance learning, and to do it quickly, has introduced new risks for educational institutions while creating potential opportunities for cyber adversaries. Schools have long been a target for cybercriminals. According to the 2019 Verizon Data Breach Report, education continues to be plagued by human errors, social engineering and denial of service attacks.
The changes brought about by the pandemic only compound those existing challenges. Based on recent information released in the latest Global Threat Landscape Report from FortiGuard Labs covering the first half of 2020, education comes in third, only after telecommunications providers and managed security service providers (MSSPs), in the percentage of institutions detecting ransomware.
Making Distance Learning Secure
Cyber adversaries have refocused their criminal efforts to take advantage of the new remote work and education environment resulting from the COVID-19 pandemic. They’re targeting the vulnerable devices and home networks of remote users looking to use those systems to open a back door into the core network.
This is evidenced by the significant increase in attacks targeting such things as consumer-grade routers, personal IoT devices, and components such as DVRs connected to home networks detected during the first half of 2020. Threat researchers are also seeing a spike in older attacks designed to exploit vulnerabilities in the often unpatched devices on home networks.
In fact, 65% of detected threats were from 2018, and a quarter of all detected attacks targeted vulnerabilities from 2004.
Naturally, the ability to securely support a remote learning policy is an essential component of any continuity and disaster recovery plan. However, to ensure that networked resources of colleges and universities, as well as those of remote faculty and students, are protected, these new realities need to be taken into account.