As technologies evolve across the world, so do cyber threats. Every October, Cybersecurity Awareness Month serves as an annual reminder that online safety is critical to protecting our communities from digital threats. This year, it’s more important than ever to take the simple, effective steps necessary to keep our homes, business, and schools safe.
The Institute for Security and Technology is dedicated to tackling emerging security threats every day, uniting policymakers, technology experts, and industry leaders to translate discourse into impact.
Throughout October, our social channels featured practical resources, novel research, and critical insights from IST’s cadre of experts designed to help individuals, organizations, and communities strengthen their cybersecurity resilience.
Compiled for the NatSpecs blog, these resources showcase IST’s groundbreaking work in the fields of ransomware, artificial intelligence, critical infrastructure security, and more.
Blueprint for Ransomware Defense: 90% of small businesses report having been victims of a cyber attack—and 23% were attacked just in the last year alone, according to Coalition’s 2025 Small Business Survey. How can businesses stay safe from these threats?
Written for the small and medium-sized business, the Ransomware Task Force’s Blueprint for Ransomware Defense is an action plan for ransomware mitigation, response, and recovery.
The Blueprint presents 24 actionable Safeguards based on the CIS Controls that help businesses focus their resources on the critical actions needed to defend against the most common cyber attacks.
Strengthening Brazil’s Cybersecurity: The Brazil Ransomware Task Force: Digital threats have no regard for borders, which is why IST takes an international, multi-stakeholder approach to combating cybercrime.
In collaboration with the Ministry of Foreign Affairs of Brazil and Organization for American States earlier this year, IST previewed the Brazil Ransomware Task Force report to support counter-ransomware efforts in the Americas. IST Senior Director for International Cyber Engagement Elizabeth Vish and Future for Digital Security Associate Gigi Flores Bustamante spoke at the event, held on the margins of the UN’s Open-Ended Working Group (OEWG) on ICTs, and reflected on their experience for the NatSpecs blog.
Exercise VEIL STORM I: After Action Report: Ransomware victims who engage with law enforcement reduced breach costs by $1m on average, according to one IBM report. But when your business is hit with a cyber attack, what comes next? What information should you share with law enforcement and the government, and what can you expect to happen with that information?
The tabletop exercise VEIL STORM I, designed and delivered by the RTF’s International Engagement Working Group in partnership with Europol’s European Cybercrime Centre, brought together participants to consider challenges to operational collaboration and information sharing in responding to a hypothetical ransomware scenario. In her after-action report, IST Deputy Director Taylor Grossman summarized the key takeaways of the exercise.
Public Private Partnerships to Combat Ransomware: Public-private partnerships –collaborations between government, industry, and civil society –are critical in the fight against ransomware and cybercrime.
As part of IST’s efforts to empower cross-border collaboration, Elizabeth Posegate Vish and Gigi Flores Bustamante, with support from Global Forum on Cyber Expertise and governments of Spain and the U.S., examined PPPs working to combat ransomware. “Public Private Partnerships to Combat Ransomware,” analyzes Europol’s European Cyber Crime Centre, CISA’s Joint Cyber Defense Collaborative, and IST’s own Ransomware Task Force, to identify these partnerships’ mechanisms for collaboration, successes, challenges, and keys to efficacy.
Q&A: Defending our nation’s schools against cyber threats: American schools are battling cyber threats at a rate of 5 incidents per week. Across the country, students are losing classroom time, resources, and even their information to criminal actors.
This summer, IST announced the launch of the K-12 Cyber Defense Coalition (K-12 CDC), a group of thirteen organizations representing school boards, technology leaders, principals, state leaders, and more dedicated to defending our nation’s schools from cyber threats. IST Director of Strategic Communications Sophia Mauro sat down with Senior Director for Preparedness and Response Michael Klein, who leads the K-12 CDC, to learn more.
Cybersecurity Considerations for Universal Service Fund Reform: In September, a ransomware attack forced public schools in the Uvalde School District to shut down for 4 days, emphasizing the need for cybersecurity support for K-12 schools.
In “Cybersecurity Considerations for Universal Service Fund Reform,” IST SVP for Policy Nicholas Leiserson explores how reforms to the Universal Service Fund could allow for the purchase of additional cybersecurity resources that could protect students. While the USF has historically focused on providing broadband access to schools and libraries, there is a clear need to ensure that increased access to the Internet does not also leave schools more vulnerable to cyber threats, he argues.
IST joins Kentucky school to announce cybersecurity funding from the FCC: 82% of K-12 schools were the victim of a cyber attack between 2023 and 2024, according to the Center for Internet Security’s 2025 K-12 Cybersecurity report.
After IST launched the K-12 CDC to increase resilience for local schools, Jefferson County Public Schools in Kentucky welcomed Michael Klein to help announce $4 million from the Federal Communications Commission that will significantly upgrade the district’s cybersecurity defenses. Schools should not be fighting transnational actors on their own, Michael told local news station WLKY.
Hack the Plant: Preparing for Unnatural Disasters: Our water systems and other lifeline infrastructure face a multidimensional threat, and most communities remain underprepared. IST’s UnDisruptable27 seeks to protect these lifeline entities from cyber threats through practical, cyber-informed engineering solutions.
IST Adjunct Senior Technical Advisor Bryson Bort hosted IST Executive in Residence for Public Safety & Resilience Josh Corman on the Hack the Plant podcast the Cyber Civil Defense Initiative.
How vulnerable is critical infrastructure to cyberattack in the US? UnDisruptable27 aims to prepare our communities for cyber threats like Volt Typhoon.
“We have always been prey,” Josh Corman told The Verge’s Justine Calma, but there are simple solutions to safeguard our infrastructure. In this Q&A, Josh and Justine break down what sectors are at risk, the consequences of a cyber attack, and IST’s plan to increase community resilience.
Josh Corman presents at BSides Las Vegas: What happens to a community when their local hospital loses power or water? If a cyber attack cripples your hospital, where do you go?
At Security BSidesLV, Josh Corman hosted the I Am The Cavalry track, featuring programming focused on no-kidding short-term measures to take to reduce risks to our critical infrastructure systems and UnDisruptable27. “We have to be forthright,” with local owners, operators, and communities, Josh explained during his presentation.
Decrypting Iran’s AI-Enhanced Operations in Cyberspace: As AI technology proliferates across the globe, it is expanding the ability of authoritarian states to commit human rights abuses, and to enhance their information operations and cyber attack capabilities. IST’s AI Risk Reduction Initiative works to unpack the opportunities and challenges that come with AI advancement.
For the NatSpecs blog, IST Deputy Director for Artificial Intelligence Security Policy Mariami Tkeshelashvili and Adjunct Cyber and Artificial Intelligence Policy Fellow Tiffany Saade analyze Iran’s use of AI in information operations and domestic surveillance to identify risks for the malicious use of the technology.
The Implications of Artificial Intelligence in Cybersecurity: Advances in AI present key cybersecurity opportunities, but how might malicious actors utilize the same technology? To answer this question, IST conducted a series of targeted surveys and interviews with industry incumbents, startups, consultancies, and threat researchers to capture insights into how organizations and practitioners are currently engaging with or integrating AI technologies, the evolving impact of these tools on the threat landscape, and their forecasts for the future.
In “The Implications of Artificial Intelligence in Cybersecurity: Shifting the Offense-Defense Balance,” authors IST’s Jennifer Tang, Tiffany Saade, and Steve Kelly leverage these studies to paint a comprehensive picture of the state of play and make the case for optimism.
TechnologIST Talks: The Offense-Defense Balance: To investigate the opportunities and risks inherent in these security applications, IST CEO Philip Reiner hosted Google VP of Security Engineering Heather Adkins on the TechnologIST Talks podcast to get her assessment of the threat landscape, public-private alignment on safety and security guidelines, and risk mitigation.
“There are no rules, and no amount of laws and regulations that we put in place are ever going to impact how [malicious actors use AI],” Heather said.
