More than 44,000 government and education employees in Massachusetts have signed on to a new cybersecurity awareness training program, spurred by numerous hacks directed at local public sector facilities, according to a blog posted on MassLive, an online media outlet.
In the most recent cyber attack, a hacker threatened to bomb the Chicopee Comprehensive High School in Chicopee, Massachusetts, 90 miles west of Boston. An attacker hit the city’s public school email system, leaving a message directed to students, parents and staff members that homemade bombs, referred to as improvised explosive devices or IDEs, had been placed in 10 classrooms throughout the school, according to a separate MassLive report. Some 300 students, about 25 percent of the school’s normal enrollment, faculty and staff were locked down while law enforcement searched the school. Ultimately, no bombs were found, Alvin Morton, Chicopee Public Schools Assistant Superintendent, said.
Chicopee was another in a series of cyber-related incidents that have shaken municipalities and schools in Massachusetts. In response, the state has initiated a new cyber awareness training program as part of the Municipal Cybersecurity Awareness Grant Program. The training enables faculty, staff and school officials to take part in cyber attack simulations, which have shown to be a key tool to improve employees’ ability to recognize threats, such as phishing, before hackers are able to infiltrate an organization’s network. “Building a culture of cyber awareness, local governments can grow their security teams to be the responsibility of all employees, said Curt Wood, technology services and security secretary, the blog post said.
According to Cyber Security Ventures, the market for security awareness training is expected to reach $10 billion by 2027, up from around $1 billion in 2014. Over the last two years, the importance of cybersecurity training in public sector organizations has gained the attention of the federal government and raised the profile of a number of training providers. Last month, the Department of Homeland Security’s cyber wing rolled out a new ransomware public awareness campaign featuring training, webinars, alerts and information on available resources for organizations to defend against network hijacks.
A number of legislative bills that would expand cybersecurity education, recruit educators and extend employee training have so far languished in Congress. For example, The Harvesting American Cybersecurity Knowledge through Education Act (HACKED), bill offers $200,000 in incentives for regional alliances and partnerships that facilitate cybersecurity education. Similar legislation, the Cyber Ready Workforce Act, would establish a grant program within the Department of Labor to help create, set up and grow registered apprenticeships for cybersecurity trainees.
A spike in Covid-19 associated remote working has shown that more cybersecurity training is needed for employees working at home. In mid-May, 2020, a study showed that nearly 75 percent of teleworkers and work from home employees lack help from their employers on security awareness, guidance or training.