K12 SIX Threat Information Sharing Community Develops Recommendations in Ransomware Task Force to Combat Growing Menace
Herndon, VA USA – April 29, 2021- K12 SIX is pleased to have represented threat information sharing communities on the Ransomware Task Force, a multi-sector group of institutions working to combat an increasingly prevalent and sophisticated threat.
The Task Force report, released today, provides recommendations for public and private action to reduce the threat posed by ransomware attacks. K12 SIX, along with parent organization Global Resilience Federation, participated on the Task Force working group and provided open source, aggregated impact data from ransomware attacks on primary and secondary education in the United States.
“K-12 education has been significantly impacted by ransomware, so we felt an obligation to help address this problem,” said Doug Levin, National Director of K12 SIX, a threat information sharing hub for school districts that provides warning and mitigation against malicious cyberactivity. “Changing tactics of ransomware actors, such as perpetrating identity theft and credit fraud alongside their extortion demands, serve to make ransomware disproportionally harmful to schools,” added Levin.
The task force, formed by the Institute for Security and Technology and launched with organizations including McAfee, Microsoft, the Cyber Threat Alliance, the Global Cyber Alliance, Global Resilience Federation and K12 SIX, produced recommendations including:
Coordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy
The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House
Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments
An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks
The cryptocurrency sector that enables ransomware crime should be more closely regulated
Together the Task Force’s recommendations seek to deter attacks through a coordinated strategy, disrupt the ransomware business model, prepare organizations for attacks and help them respond more effectively.
“The impact of K-12 ransomware attacks are growing more significant not only in terms of the dollar cost of recovery but also in terms of their impact on students, on teaching and learning, and on the ability of schools to maintain their operations,” said Levin. “We encourage school districts, and organizations in all sectors, to shore up baseline security controls so they can maintain operations and avoid costly recovery scenarios in the face of the ransomware threat.”
###
About K12 SIX
Kindergarten Through Twelfth Grade Security Information Exchange (K12 SIX) is a cyber and physical threat information sharing hub for school districts, to aid in preventing and mitigating attacks. This non-profit member community is a cost-effective forum for crowdsourcing security information among a vetted, trusted group of professionals with a common interest, using common technology and with supporting, independent analysis from the K12 SIX security staff. Visit www.k12six.org to learn more. K12 SIX is a member of the Global Resilience Federation multi-sector network of information sharing communities.
For more information on the threat and the proposed path forward, watch “The State of K-12 Cybersecurity” panel discussion: https://www.k12six.org/the-threat. The first year of membership in K12 SIX is complimentary for eligible organizations. Contact info@k12six.org for details.
The K12 SIX secure collaboration platform was co-built with Cyware Labs, which has committed significant resources to support the community.
Media Contact:
Patrick McGlone, pmcglone@grf.org.