Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations

CYBER RISK ENDPOINT SECURITY MOBILE SECURITY REMOTE WORKFORCE Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations The UC Berkeley Center for Long-Term Cybersecurity (CLTC) offers tools and support to schools, local governments, and non-profits as they defend themselves against a growing volume of cyberattacks. Arielle Waldman,Features Writer,Dark Reading May 5, 2026 4 Min Read SOURCE: IMAGEBROKER.COM VIA ALAMY STOCK PHOTO States, cities, and localities are struggling to stay ahead of devastating cyberattacks, but some under-resourced organizations are buckling under pressure. Recent cuts to federal initiatives and policy changes mean they can't expect help from that quarter, paving the way for independent organizations and initiatives to fill the ever-widening void. The Cybersecurity Infrastructure and Security Agency (CISA) has seen its budget slashed and its workforce dramatically downsized over the past two years. The US government has also pulled back help for the Multi-State Information Sharing and Analysis Center, a public-private information-sharing initiative for people, businesses, and governments at the state, local, and tribal levels. And the White House's Cyber Strategy for America encourages organizations to adopt a more offensive approach as part of their defense strategies, something that may be difficult, if not out of reach, for smaller-scale organizations lacking dedicated IT and cybersecurity teams.  Related:Electricity Is a Growing Area of Cyber-Risk The University of California Berkeley's Center for Long-Term Cybersecurity (CLTC) aims to fill this growing gap by providing tools and services for low-resource organizations, such as nonprofits, municipalities, and schools.  "The feds have pulled back so hard on funding and support," says Sarah Powazek, CLTC program director of public interest cybersecurity. "It's sort of everyone for themselves at the local level." 'Out of Reach For Smaller Organizations' CLTC sees the problems and provides several initiatives to help resourced-strapped entities solve them. More importantly, the research and collaboration hub understands these groups have limitations. They need services — human-to-human, hands-on help — before they need toolkits, checklists, and software. "[We're] in a state where there are a lot of tools for free, but very few people have free services," Powazek tells Dark Reading. On the research side, CLTC offers Cybersecurity for Cities and Nonprofits (CyberCAN), where nonprofits can partner with cities, counties, and state governments to conduct surveys in their regions and then share the findings. For example, research could highlight the number of attacks or the security health of nonprofits. Coalition building, which includes cybersecurity clinics, is more hands-on. The clinics operate as a dual workforce training/cybersecurity defense program. Students, including undergraduates, learn to perform basic vulnerability or risk assessments for local organizations, while nonprofits, schools, cities, and small businesses receive similar help that they'd get from a professional service. One important note: It's free. Related:Lies, Damned Lies, and Cybersecurity Metrics "I used to work for CrowdStrike, and those engagements are very expensive and pretty much out of reach for smaller organizations," she says. "But they're the ones who need hands-on support and education the most." More Attacks, Less Support Schools, local government, and nonprofits are dealing with cyberattacks and scams of all kinds. For example, a phony invoice is enough to get nonprofits — operating with small budgets and margins — to hand over a large chunk of money, according to Powazek. Nonprofits have to prioritize funding support operations and delivering services, which leaves little for cybersecurity. Losing $10,000 to $20,000 in this kind of a scam could be enough to put them out of business, she warns.  "The risk is higher [for these nonprofits] even though the types of threats they face are similar to enterprise organizations," she says. "Maybe not as many nation-state attacks, but commercial attacks hit them hard enough."   While ransomware is a huge disruptor for K-12 schools, CLTC is also seeing a growing number of supply chain attacks against K-12 vendors. CLTC convened a group of education technology vendors to discuss security next-steps shortly after cyberattackers exploited vulnerabilities in the widely used MOVEit file transfer application. The attacks resulted in one of the largest data breaches affecting K-12 schools, exposing students' personal and health information — an attacker's treasure trove.  Related:Shadow AI in Healthcare Is Here to Stay "The education technology industry is behind the times with cybersecurity," Powazek says. "They have few bug bounty programs or vulnerability disclosure programs." Every school uses Microsoft and Google — and less than 10 vendors account for 80% of the ed-tech market, according to Powazek. Applying the right amount of pressure on vendors to implement secure-by-design initiatives and turn on multifactor authentication by default "could have a cascading effect on the K-12 industry," she says.  Perspective: It's a Community Center Issue  Powazek also points to CLTC's state-run volunteering initiative. Its goal is to act as a bridge. Cyber reserve teams will deploy state volunteers to help recover from a city ransomware incident, for example.  States and localities are trying to build up the people and infrastructure to start taking care of these incidents by themselves, knowing that the feds are pulling back even more, she adds. "It was an issue even before CISA had this exodus, but it didn't extend the last mile," Powazek says. "It didn't penetrate to communities themselves." Community security is national security, emphasizes Powazek, and that's what she'd like her work at CLTC to highlight. Take less-resourced organizations and large enterprises together, and "it's a large attack surface for the US," she says. Tackling security for the former will only benefit the larger picture. "Understand it as a community center issue — homeless services, legal aids, food banks — all those types of organizations that really don't have IT staff but are integral to the community," she says.  About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.     Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Enterprises Are Developing Secure Applications How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management 2025 State of Malware Sysdig 2025 Cloud-Native Security and Usage Report Access More Research Webinars Anatomy of a Data Breach: What to Do if it Happens to You How Well Can You See What's in Your Cloud? Implementing CTEM: Beyond Vulnerability Management Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Zero Trust Architecture for Cloud environments: Implementation Roadmap More Webinars You May Also Like CYBER RISK How Can CISOs Respond to Ransomware Getting More Violent? by James Doggett JAN 28, 2026 CYBER RISK US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity by Alexander Culafi JAN 05, 2026 CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Microsoft Exchange 'Under Imminent Threat,' Act Now by Arielle Waldman NOV 12, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge CYBERSECURITY OPERATIONS Helping Romance Scam Victims Requires a Proactive, Empathic Approach APR 24, 2026 CYBER RISK Electricity Is a Growing Area of Cyber-Risk APR 22, 2026 VULNERABILITIES & THREATS NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities APR 16, 2026 СLOUD SECURITY Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads APR 13, 2026 Read More The Edge Want more Dark Reading stories in your Google search results? BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS