Cybersecurity, Emerging Issues in Security

How Educational Institutions Can Let Go of Hesitancies and Embrace Cybersecurity

As school systems desperately try to keep up with ever-evolving technology, one urgent area for major improvement is cybersecurity.

Over the last six years, K-12 school districts have seen a significant increase in cyberattacks, with a total of 1,331 publicly disclosed K-12 cyber incidents involving more than a thousand school districts and other public education agencies. Cyberattacks on educational institutions have increased 44% compared to 2021, and many have made major headlines, such as the LAUSD ransomware attack in September.

While education is an industry notoriously vulnerable to bad actors, it can strengthen its security posture by purging outdated legacy systems, mandating cybersecurity education, and using external experts to augment security efforts where needed. Making these changes will significantly reduce potential attacks, as well as the costly damage associated with them.

What Is Currently Plaguing Security Innovation in Schools?

Educational institutions are already playing catch-up when it comes to technological innovation, causing schools to be especially susceptible to cybersecurity attacks. In addition to hesitancies to innovate, cost and the skills gap are challenges schools face when it comes to cybersecurity.

Skills shortages negatively impact the industry across every vertical, and with school districts already struggling to fill positions due to available funding and opportunity to grow, often being limited, a perfect storm is brewing for cybersecurity attacks.

Educators and administrators are forced to take on other roles and projects that go beyond their expertise, including cybersecurity. While many understand its importance, they don’t have the skills or time to focus on the right cyber protection for their schools, making educational institutions more vulnerable to detrimental attacks.

Additionally, many boards of education and superintendents view the initial price tag for cybersecurity tools and solutions as something they cannot afford. Ultimately, leaders should analyze the ROI of cyber protection and future insurance. The cost of a ransomware attack will most certainly be higher and more destructive than the initial investment in protective technology. Large government entities recognize that cost is a key factor for schools being behind in cyber protection and are being urged to help where they can. Recently CISA announced it will be expanding funding for cybersecurity programs to HBCUs and K-12 schools, helping schools work to a more secure future.

Lastly, outdated technology and legacy systems are holding educational institutions back when it comes to securing their environments. Many of the technology and processes still being used in schools are not efficient, require too much human intervention, and expose the organizations to multiple levels of vulnerability. While it might be seen as too time consuming to learn and master new technology, it will end up saving time in the long run since these tools are not only helping to secure the environment, but also automate repetitive and manual work performed by IT and cybersecurity staff.

How Educational Institutions Can Move Forward

We know one of the primary reasons for the lack of cyber protection in schools is that the workforce is often not provided sufficient training or equipped to handle cyber breaches and attacks. By augmenting teams with external experts for tasks like vulnerability management, incident detection and response, and threat intelligence, educational institutions can feel secure knowing their network is constantly being monitored for unusual and dangerous activities.

Depending on the type of security platform chosen, some teams can handle sorting through alerts with minimal escalation to the organization’s staff. By using external expertise to augment cybersecurity efforts, schools are being properly protected while teachers and administrators can focus on their main job function.

Offering cybersecurity awareness training is another way educational institutions can protect themselves from cyberattacks and breaches. Students, teachers, and other staff are some of the biggest risks to their own data because they aren’t familiar with cybersecurity best practices. With educational tools such as online trainings and webinars, students, their families, and administrators can learn about the risks they should be aware of and better understand cyber safety on school networks. This also can help build long-lasting awareness of cybersecurity issues that could protect those people personally. Also, many of these tools are free, which mitigates concerns around extra costs associated with cybersecurity investment. 

Not all, but unfortunately many, school districts continue viewing cybersecurity as a nice-to-have, not a necessity, and working on upgrading outdated legacy systems is a problem they don’t want to tackle with their limited resources. If this mindset continues to prevail across many parts of the education space, they will continue to be vulnerable to attack and be breached.

What are your thoughts on ways that education and academia can become leaders in cybersecurity and better use their limited resources to secure their environments?

Jordan Mauriello is Chief Security Officer at Critical Start.