In 2023, the education sector witnessed a staggering 70% surge in ransomware attacks. Source
In this context, Action1 conducted a survey of 250 IT leaders across schools to assess their readiness to face growing cyber threats. The results? A stark wake-up call for the education sector.
Survey Findings: A Critical Assessment of School Cybersecurity
- Insufficient Support from School Boards: 20% of respondents believe that the current level of support from the school board is insufficient, with a high risk of significant impact on education quality due to ransomware. Additionally, 44% perceive a moderate risk, highlighting widespread concern about potential disruptions to teaching and learning that ransomware can cause. This underscores a critical issue: school boards play a crucial role in allocating resources, setting policies, and guiding overall cybersecurity strategies. A lack of robust support from their side leaves IT teams struggling with limited funding, staffing, and technological resources, often resulting in an inability to effectively safeguard school systems against evolving threats like ransomware.
- Resource Constraints: As schools lack adequate support, they have to operate with limited resources. For instance, 78% of schools lack a dedicated cybersecurity specialist, making it challenging to effectively manage cybersecurity and respond to threats. Additionally, 44% of schools allocate less than 10% of their IT budget to cybersecurity, further impeding their ability to implement comprehensive security strategies.
- Overall Cybersecurity Readiness: 71% of IT leaders rated their overall cybersecurity readiness as moderate or slight. Indeed, schools face complex IT environments with numerous endpoints where students, teachers, and staff access educational resources from various devices and networks. This diversity complicates endpoint security and patch management, especially as many schools use industry-specific applications with unique update workflows. Additionally, nearly one-third (27%) of schools do not conduct regular vulnerability assessments, leaving critical applications on their endpoints exposed to potential flaws, which ransomware can exploit.
- Phishing and MFA Compliance: Although 49% of respondents reported an increase in phishing attacks over the past year, with 20% noting a significant rise, 30% of schools never conduct phishing emulation tests or have done so only once. Without regular phishing tests, staff may not be adequately trained to recognize malicious emails that aim to deliver malware. Additionally, while 90% of schools use multi-factor authentication (MFA) for most critical systems, every fifth teacher is not compliant with MFA guidelines. This lack of adherence to essential cybersecurity controls, which are crucial for defending against ransomware and other threats, highlights a significant gap in security and underscores the vulnerability of schools.
Key Recommendations
Given these challenges, what can schools do to protect themselves? Here are some key recommendations:
1. Use an Endpoint Protection System: A comprehensive endpoint protection solution can help school IT departments better safeguard their environments against various ransomware scenarios, given the shortage of qualified IT staff, by detecting potentially malicious behavior, and responding promptly to security incidents.
2. Implement Automated Patch Management: Automated patch management is essential for ensuring that security updates for operating systems and applications are applied promptly. With limited resources and complex software environments, manual patching can be time-consuming and error-prone. Automated patching simplifies this process, keeping systems up-to-date and secure while reducing the burden on IT staff. This is crucial for preventing ransomware attacks and maintaining the integrity of student data and school operations.
3. Develop a Disaster Recovery Plan: Ensure a structured approach for recovering from potential attacks that could not be prevented or remediated to avoid critical data loss and minimize downtime affecting regular operations. Consider deploying a backup solution integrated with protected storage.
4. Adopt a “Zero-Trust” Approach: Schools should operate under the assumption that every device and user could be a potential threat. This involves verifying every access request and implementing strict controls.
5. Increase Cybersecurity Awareness: Educate staff and students about phishing dangers and regularly conduct phishing emulation tests to improve awareness.
6. Prioritize Regular Vulnerability Assessments: Regular assessments of vulnerabilities on all endpoints can help identify and mitigate risks before they are exploited.
7. Ensure Adherence to MFA Controls: Ensure that every teacher and staff member follows MFA guidelines to secure critical systems.
8. Allocate Adequate Resources to Cybersecurity: Schools are recommended to consider increasing their IT budget allocation for cybersecurity to ensure they have the necessary tools and personnel to defend against cyber threats.
As the school year progresses, strong support from school boards is more critical than ever. Their commitment to cybersecurity not only enables IT leaders to implement effective defenses but also ensures the continuity of education amidst rising cyber threats. Strengthening this support, alongside adopting solutions like automated patch management, is essential for protecting students, staff, and the overall integrity of the educational process.
Methodology and Demography
To compile this survey, we engaged 250 IT leaders from educational institutions across the USA and the UK, with 59% of respondents based in the USA and 41% in the UK. These IT leaders manage a diverse range of endpoints, reflecting the varying scales of their institutions. Specifically, 34% manage between 1,001 and 5,000 endpoints, while 29% handle between 101 and 500 endpoints. Additionally, 24% oversee 501 to 1,000 endpoints, and 10% manage between 1 and 100 endpoints. Only 2% of respondents are responsible for 5,001 to 10,000 endpoints, and no respondents reported managing more than 10,000 endpoints. This distribution provides a comprehensive view of cybersecurity challenges across different-sized educational institutions.
