
Cyber Actors Target K-12 Distance Learning

AAFCPAs would like to make education clients aware that the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have assessed that malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber bad-actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year and beyond.

These disruption attempts involve ransomware, malware, distributed denial-of-service attacks, video conference disruptions, social engineering, technology vulnerabilities and student data, open/exposed ports, and end-of-life software, to name a few.

These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance the risks when determining their cybersecurity investments.

To report suspicious or criminal activity, contact your local FBI field office at www.fbi.gov/contact-us/field. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting organization; and a designated point of contact.

To request incident response resources or technical assistance related to these threats, contact CISA at Central@cisa.gov.

Cyber threats are continuously evolving, with new structures and schemes emerging daily. AAFCPAs’ Business & IT Consulting practice advises clients on improving their IT security posture with recommendations that are right-sized and tailored to be appropriate given each client’s resources and specific IT infrastructure requirements.

If you have any questions, please contact James Jumes, MBA, M.Ed. at 774.512.4062, jjumes@aafcpa.com; Vassilis Kontoglis at 774.512.4069, vkontoglis@aafcpa.com; or your AAFCPAs Partner.

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting. James developed a unique methodology for delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.
Vassilis Kontoglis
Vassilis is a highly skilled IT professional with proven expertise in business process improvement and change management, information systems gap analyses, cyber security and IT risk assessments, systems selection & implementation, IT auditing, and special attestation reporting (SSAE 18 and SOC 2). Vassilis performs comprehensive and thorough reviews of technology systems and environments, and advises clients on how to use technology to best achieve business goals and objectives. He elicits input from stakeholders at all levels of the organizational hierarchy in order to thoroughly evaluate business performance across functional boundaries. He analyzes current and potential business and IT processes to identify clear opportunities for improvement, which may include streamlining and automation, productivity increases, strategic alignment and cost reductions.