- IBM will award in-kind grants worth $3 million to six school districts to assist them in strengthening cybersecurity measures, the company announced Thursday. Districts can apply for the grants via IBM.org between Feb. 4 and March 1, 2021.
- Teams from the IBM Service Corps Program will deliver the services, with a focus on helping the districts prepare both proactive and reactive countermeasures for cyberthreats.
- The announcement follows an October Morning Consult study sponsored by IBM, conducted among 1,000 K-12 educators and administrators in the U.S., that found cybersecurity in the sector is hindered by a need for additional training, a lack of threat awareness and concern, and budget constraints.
The move by IBM also follows a December FBI warning that between August and September 2020, K-12 ransomware attacks accounted for 57% of all reported ransomware incidents, marking a 29% rise over previous months. The agency also issued a warning last summer in regard to remote desktop ransomware risks in K-12, as reported by ZDNet.
As of December, around 1,110 cybersecurity incidents were publicly reported in K-12 since 2016, according to The K-12 Cybersecurity Resource Center. Schools and districts are a popular target due to the high volume of valuable data available and because districts often have limited cybersecurity measures in place due to limited funding and awareness of the issue, both of which vary from district to district.
Ransomware has been a particularly popular mode of attack due to the likelihood districts will pay the ransoms in order to have access to student and personnel data restored quickly. Other incidents have included disclosures of personal data, phishing and denial-of-service.
These factors have contributed to rising attention to K-12 cybersecurity issues, especially as districts transitioned to distance learning in the wake of COVID-19-related school closures. In an analysis of 100 pieces of cybersecurity legislation introduced in 2020, common K-12 concerns raised by lawmakers included cybersecurity instruction for students, technical assistance to schools, and investments for improvement in technology and professional development. Until states commit to investing in the funding districts need to maintain dedicated cybersecurity personnel and services, however, grants and other finite initiatives targeted at the issue will likely only serve as a Band-Aid.