TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Cyberattacks & Data Breaches Trellix Source Code Breach Highlights Growing Supply Chain Threats Trellix Source Code Breach Highlights Growing Supply Chain Threats by Rob Wright May 5, 2026 3 Min Read Vulnerabilities & Threats Why Security Leadership Makes or Breaks a Pen Test Why Security Leadership Makes or Breaks a Pen Test by Jai Vijayan May 5, 2026 5 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America See All The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Cyber Risk Endpoint Security Mobile Security Remote Workforce Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations The UC Berkeley Center for Long-Term Cybersecurity (CLTC) offers tools and support to schools, local governments, and non-profits as they defend themselves against a growing volume of cyberattacks. Arielle Waldman , Features Writer , Dark Reading May 5, 2026 5 Min Read Source: imageBROKER.com via Alamy Stock Photo States, cities, and localities are struggling to stay ahead of devastating cyberattacks — and some under-resourced organizations are buckling under pressure. Recent cuts to federal initiatives and policy changes mean they can't expect help from that quarter, paving the way for independent organizations and initiatives to fill the ever-widening void. The Cybersecurity Infrastructure and Security Agency (CISA) has seen its budget slashed and its workforce dramatically downsized over the past two years. The U.S. government has also pulled back help for the Multi-State Information Sharing and Analysis Center, a public-private information-sharing initiative for people, businesses, and governments at the state, local, and tribal levels. And the White House's Cyber Strategy for America encourages organizations to adopt a more offensive approach as part of their defense strategy , something that may be difficult, if not out of reach, for smaller-scale organizations lacking dedicated IT and cybersecurity teams. Related: Electricity Is a Growing Area of Cyber-Risk The University of California Berkeley's Center for Long-Term Cybersecurity (CLTC)fills this growing gap by providing tools and services for low-resource organizations like nonprofits, municipalities, and schools. "The feds have pulled back so hard on funding and support," Sarah Powazek, CLTC program director of public interest cybersecurity, tells Dark Reading. "It's sort of everyone for themselves at the local level." 'Out of Reach For Smaller Organizations' CLTC sees the problems and provides several initiatives to help resourced-strapped entities solve them. More importantly, the research and collaboration hub understands these groups have limitations. They need services – human to human hands-on help – before they need toolkits, checklists, and software. "[We're] in a state where there are a lot of tools for free, but very few people have free services," she says. On the research side, CLTC has Cybersecurity for Cities and Nonprofits (CyberCAN)where they partner with cities, counties, and state governments to do surveying research for nonprofits in their regions and subsequently share that information. For example, research could highlight the number of attacks or the security health of nonprofits. Coalition building, which includes cybersecurity clinics, is more hands-on. The clinics operate as a dual workforce training/cybersecurity defense program. Students, including undergraduates, learn to do basic vulnerability or risk assessments for local organizations, while nonprofits, schools, cities, and small businesses receive similar help that they'd get from a professional service. One important distinction: It's free. Related: Lies, Damned Lies, and Cybersecurity Metrics "I used to work for CrowdStrike and those engagements are very expensive and pretty much out of reach for smaller organizations," she says. "But they're the ones who need hands on support and education the most." More Attacks, Less Support Schools, local government, and non-profits are dealing with cyberattacks of all kinds; ransomware is just one of the many threats they face. A phony invoice is enough to get nonprofits — operating with small budgets and margins — to hand over a large chunk of money, according to Powazek. Non-profits have to prioritize funding support operations and delivering services, which leaves little for cybersecurity. Losing $10,000 to $20,000 in this kind of a scam could be enough to put them out of business, warns Powazek. "The risk is higher [for these non-profits] even though the types of threats they face are similar to enterprise organizations," she says. "Maybe not as many nation-state attacks, but commercial attacks hit them hard enough." While ransomware is a huge disruptor for K-12 schools, CLTC is also seeing a growing number of supply chain attacks against K-12 vendors. CLTC convened a group of education technology (Edtech) vendors to discuss security next-steps shortly after cyberattackers exploited vulnerabilities in the widely used MOVEit file transfer application . The attacks resulted in one of the largest data breaches affecting K-12 schools, exposing students' personal and health information — an attacker's treasure trove. Related: Shadow AI in Healthcare Is Here to Stay "The education technology industry is behind the times with cybersecurity," Powazek says. "They have few bug bounty programs or vulnerability disclosure programs." Every school uses Microsoft and Google — and less than 10 vendors account for 80% of the Edtech market, according to Powazek. Applying the right amount of pressure on vendors to implement secure-by-design initiatives and turn on multifactor authentication by default "could have a cascading effect on the K-12 industry," she says. Perspective: It's a Community Center Issue Powazek also highlighted CLTC's state-run volunteering initiative. Their goal is to act as a bridge. Cyber reserve teams will deploy state volunteers to help recover from a city ransomware incident, for example. She's seen that states and localities are trying to build up the people and infrastructure to start taking care of these incidents by themselves, knowing that the feds are pulling back even more. "It was an issue even before CISA had this exodus, but it didn't extend the last mile," she says. "It didn't penetrate to communities themselves." Community security is national security, emphasizes Powazek, and that's what she'd like her work at CLTC to highlight. Take less-resourced organizations and large enterprises together and "it's a large attack surface for the U.S." Tackling security for the former will only benefit the larger picture. "Understanding it as a community center issue – homeless services, legal aids, food banks – all those types of organizations that really don’t have IT staff but are integral to the community," she says. Don't miss the latest Dark Reading Confidential podcast, NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later , for a candid conversation with Chris Inglis, head civilian in charge of the NSA during the Edward Snowden affair. Inglis reflects what the NSA should have done better, what he wants CISOs to know about protecting against their own insider threats, and what his reaction would be if Snowden received a pardon. Listen now! About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection. See more from Arielle Waldman Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports How Enterprises Are Developing Secure Applications How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management 2025 State of Malware Sysdig 2025 Cloud-Native Security and Usage Report Access More Research Webinars How Well Can You See What's in Your Cloud? Implementing CTEM: Beyond Vulnerability Management Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Tips for Managing Cloud Security in a Hybrid En