1. How much is MNPS spending and what services does it include?
A: In 2022, the schools spent $1.8 million on what it deems “information security” — firewall services, network protection, endpoint protection, backup solutions and a handful of other security services.
That $1.8 million is more than it ever spent — just over $1 million the year before, and between $500,000 and $900,000 the years before that.
The spending for 2023 is lower than 2022 — just over $400,000 — and that’s because the district pays for multi-year services at once.
The $1.8 million spent in 2022 includes three contracts that extended through 2023 and didn’t require additional spending.
2. What are other school districts spending on this and why is it so much?
A: The 74 Million, a nonprofit news outlet covering U.S education, reported last year that schools are the leading target for “cyber gangs” that demand ransom payments.
Schools often have “shoddy cybersecurity practices” and are willing to pay ransom demands to get their data back.
These cyber-attacks have become more common and how much damage they do has also increased.
IBM reported that the average cost of a data breach reached an all-time high of $4.5 million last year.
Last fall in the 5th largest district in the country — Clark County School District covering Las Vegas and the surrounding area — hackers stole student data and emailed it to parents to show them, “We have your child’s information, but the school district won’t pay the ransom.”
For more than a week, the district had limited access to online networks, students couldn’t access assignments and hackers had their information. Parents sued the district over the incident.
That district more than doubled its spending on cybersecurity and other IT costs for the current school year, spending $21 million, up from $10 million the last school year.
Since these attacks have grown in frequency, almost 100 cybersecurity bills introduced in state legislatures across the U.S. in the last three years have passed to help schools prevent attacks, report them, have contingency plans and expand the cybersecurity workforce.