Cyber attacks against schools, local governments are up. Here's what Minnesota is doing about it
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Sarah Grillo/Axios
More than 300 local governments across Minnesota have signaled interest in joining a new state effort to combat the growing threat of cyber attacks, state officials tell Axios.
Why it matters: Public entities, including schools, state agencies, and universities, are the keepers of troves of sensitive personal information about the people they serve.
- Given that, hackers are increasingly targeting those institutions to steal, exploit, and sometimes expose sensitive personal data for financial gain.
What's happening: Last month, Minnesota IT Services launched what it's calling the "Whole-of-State Cybersecurity Plan" aimed at boosting "local government cyber defenses" through hack detection tools, threat analysis, and new security products and services.
- The state will distribute $23.5 million in new federal funding to cities, counties, schools, and Native American tribes.
The big picture: Cybercrime is up across the board, impacting everyone from individual text and email users to dating sites, casinos, and hospitals.
Yes, but: Local public institutions, including schools, are popular targets because they "tend to be a little bit easier to breach" due to a relative lack of resources, training, and tools to protect the large caches of data in their possession, Twin Cities-based cybersecurity expert AJ Nash of ZeroFox told Axios.
- "Criminals like wins," Nash said. "If they're going to put time and effort in, they want to get a win."
What they're saying: MNIT commissioner Tarek Tomes said the goal of the new initiative is to close that gap by giving smaller governmental agencies — think a township with just one IT staffer — access to more sophisticated anti-virus detection tools.
- "That in and of itself, is going to reduce our risks quite significantly."
Between the lines: Schools and universities across the nation are seeing some of the biggest increases in attacks. In Minnesota, Minneapolis Public Schools, St. Paul Public Schools, and the University of Minnesota have all disclosed major breaches this year.
- MNIT's program marks the first time the state is extending this "shared solutions and funding" to K-12 schools. More than half of the local groups that have expressed interest so far are in the education sector.
What we're watching: GOP Rep. Jim Nash, who serves on multiple state cybersecurity task forces and works in the field, said while MNIT has come a long way in protecting data, lawmakers must still address a "need for regular, programmatic funding to do nothing but cybersecurity."
- "This is only going to get worse," he said of the threat. "People who are tasked with maintaining, hosting, and protecting important data are facing bigger and better attacks on a daily basis."
The intrigue: The Waconia Republican is also open to exploring requiring that more governmental units opt into MNITs services and technology.
Be smart: Phishing messages— which seek to get an individual user or staffer to click on a link to infiltrate their system — remain one of the most common vehicles for ransomware attacks.
- That means training and personal vigilance to protect against human error is still going to be one of the most effective ways to reduce risk, Nash said.
What's next: Tomes said the state expects to start releasing services to participating agencies late this year or early next year.