SolarWinds Public Sector Cybersecurity Survey: External Threats Growing Faster Than Response Capabilities

In its seventh annual Public Sector Cybersecurity Survey Report released this morning, SolarWinds found that a majority of education organizations surveyed have not improved their cybersecurity detection or resolution capabilities — even as attacks against schools have skyrocketed during the pandemic.

Cybersecurity experts and the U.S. Department of Education have warned in recent months of the marked increase in cyberattacks on schools and universities, and the K–12 Cybersecurity Act of 2021, signed into law in October, directs the Cybersecurity and Infrastructure Security Agency to identify risks and provide resources for schools to better protect their IT security. According to Government Computer News, from Aug. 14 to Sept. 12, 2021, educational organizations were the target of over 5.8 million malware attacks, or 63% of all such attacks.

This year’s SolarWinds cybersecurity survey includes responses from 400 IT operations and security decision-makers, including 200 federal, 100 state and local, and 100 education respondents, SolarWinds said.

“This year’s results demonstrate that while IT security threats have increased — primarily from the general hacking community and foreign governments — the ability to detect and remediate such threats has not increased at the same rate, leaving public sector organizations vulnerable,” said Brandon Shopp, SolarWinds group vice president for product strategy. “But the data also shows an increased awareness and adoption of zero trust, as well as a commitment to invest in IT solutions and adopt cybersecurity best practices outlined in the Administration’s Cybersecurity Executive Order. It’s through these steps that public sector organizations can enhance their cybersecurity posture and fight the rising tide of external threats.”

Key findings in the education sector from the 2021 survey:

  • Careless/untrained insiders (53%) are the largest source of security threats at education institutions, followed by the general hacking community (49%) and foreign governments (25%).
    • Although 56% of all public sector respondents stated that threats posed by foreign governments have increased since 2020, only 25% of education respondents reported foreign governments as a threat.
  • When asked about specific types of security breaches, the public sector’s level of concern over ransomware (66%), malware (65%), and phishing (63%) has increased the most over the last year.
  • Lack of training (40%), low budgets and resources (37%), and the expanded perimeter (32%) as a result of increased remote work continue to plague public sector security pros.
    • Education respondents are the most likely to struggle to identify the root cause of security issues, hampering their ability to both detect and remediate such threats.
    • About 60% of respondents noted both the time to detection and time to resolution remained the same or worsened between 2020 and 2021.
  • Public sector respondents suggest improving investigative and remediation capabilities, as well as reducing barriers to sharing threat information between public and private sectors, as the top priorities for compliance with the Cybersecurity Executive Order.
    • Among state, local, and education organizations, 88% are likely to adopt cybersecurity best practices and activities from the Cybersecurity Executive Order, including almost 100% of respondents from K-12 schools and 84% of higher ed institutions.

Find the full survey report at SolarWinds’ website.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • close-up of a video game controller

    Verizon Launches Free Scholastic High School Esports League

    Through its Verizon Innovative Learning HQ suite of free learning content and resources, Verizon has launched its first-ever scholastic high school esports league. The league opened for registration on Aug. 8 and will run from Sept. 23 to Dec. 13.

  • illustration of a VPN network with interconnected nodes and lines forming a minimalist network structure

    Report Finds Increasing Number of Vulnerabilities in OpenVPN

    OpenVPN, an open source virtual private network (VPN) system integrated into millions of routers, firmware, PCs, mobile devices and other smart devices, is leaving users open to a growing list of threats, according to a recent report from Microsoft.

  • AI-inspired background pattern with geometric shapes and fine lines in muted blue and gray on a dark background

    IBM Introduces Granite 3.0 Family of Advanced AI Models

    IBM unveiled its most advanced family of AI models to date, Granite 3.0, at its annual TechXchange event. The new models were developed to provide a combination of performance, flexibility, and autonomy that outperforms or matches similarly sized models from leading providers on a range of benchmarks.

  • Abstract illustration of a human news reporter interviewing an AI with a microphone

    AI on AI in Education: A Dialogue

    Scholars are doing lots of asking and predicting about the risks and rewards of generative artificial intelligence in school, but has anyone asked the all-knowing chatbots?