Cybersecurity remains the top priority for K-12 technology leaders, even though many continue to underestimate the risk attackers pose to their districts
Despite increases in the severity of attacks, most ed-tech leaders rate common threats as just low or medium risk, according to the annual survey by CoSN, which represents school district IT officials.
What’s more, most districts don’t have the resources in place to dedicate a specific staff member to securing their networks. And that problem could worsen, given new stresses on district IT staff spurred by the pandemic, and a possible uptick in retirements of school district technology staff members, the report notes.
“As cyberattacks become more sophisticated, greater expertise is needed to combat them, and the demand for those skills increases,” the report says. But it points out that school districts aren’t likely to be able to offer the higher salaries that would attract IT workers with cybersecurity expertise.
In fact, just one in five school districts—21 percent—have a staff member dedicated to cybersecurity, according to the survey. Another 21 percent of districts outsource management of network security to private providers or public entities, a percentage that’s likely to grow, the report concluded. Only half of districts surveyed said they require cybersecurity training for teachers and all other staff. And nearly a third say they don’t have training requirements for any staff members—a finding that the report called “alarming,” given attackers’ tendency to “understand human behavior.”
If employees aren’t trained to spot potential problems, they might miss clear signs of a potential phishing attempt, such as a typo or irregularity in the address line of an email purporting to be from a district superintendent.
A slight majority of school districts—62 percent—reported they’ve purchased cybersecurity insurance, the survey found. But, interestingly, about one in six school district tech leaders said they didn’t know whether their district had such insurance.