Doug Levin recently wrote on Infosec.Exchange:
Rant incoming.
The frequency with which I read folks asserting that ‘education’ and in particular ‘U.S. K-12 schools’ are the most frequent ransomware target is so frustrating. Of course, that’s a nonsense assertion – and not supported by any reasonable read of the data.
It is almost like the education sector can’t or won’t motivate to better defend themselves unless they can prove they are the absolute worst (K-12 exceptionalism FTW). Look, writ large, cybersecurity incidents are plenty bad enough in K-12 – but at the same time I’d hazard we could eliminate ~80% of K-12 cyber incidents through enforcing some semblance of well-established best practices across districts.
By claiming we are the #1 target, it feels like folks are abdicating their responsibilities – and casting a blind eye to their culpability for more common issues like phishing, data breaches, and self-inflicted leaks. #EdTech @PogoWasRight @brett @funnymonkey @mkeierleber @michaelfklein
/End Rant