Although cybersecurity continues to be the top priority for K-12 IT leaders, they underestimate the risks to their systems, according to a new survey by the Consortium for School Networking (CoSN).
The annual CoSN survey found only 8 percent of K-12 IT leaders in the United States consider their district to be at high risk for a ransomware attack, despite school districts being a prime target for cybercriminals.
K-12 IT leaders also rated perceived threats as “low” or “medium risk,” despite an increase in cyberattacks.
What’s more, only a few districts – just 21 percent – have a dedicated full-time equivalent employee to oversee cybersecurity.
“This means that cybersecurity protection is a part-time responsibility in a large majority of school districts,” the report says. “The lack of human capacity around cybersecurity is surprising given that for five years in a row, respondents have ranked it as the highest IT priority.”
Those school districts without a dedicated cybersecurity employee address cybersecurity in a variety of ways. Thirty-four percent said it was a shared responsibility across several jobs, 33 percent said it was part of another job, 21 percent said they outsource, 8 percent said ad hoc, and 3 percent said “other.”
As for cybersecurity training, only half of districts – 50 percent – said they require cybersecurity training for teachers and staff. Thirty percent of school districts don’t require any cybersecurity training for their teachers, administrators, or staff, which the report called “the most alarming result.”
“Most cyberattacks succeed because attackers understand human behavior. We tend not to notice small typos in a weblink or in the email address from an authority figure,” the report says. “Employees who are not trained to be on the alert for these types of deceptions or who are unfamiliar with other cybersecurity best practices, increase vulnerability to cyberattacks.”
CoSN administered the survey from Jan. 11 to Feb. 28 and compiled the results from over 1,500 responses.