Cybersecurity Training Elusive in K–12
- By Dian Schaffhauser
haven't, for the most part, received basic cybersecurity training.
Just 43 percent said their schools had provided such training, while
48 percent said they hadn't and eight percent said they didn't know
or weren't sure. And even though 54 percent of teachers said they
were using personal devices for remote learning, a third (35 percent)
reported that their school or district hadn't provided any guidelines
or resources for protecting those devices.
Those data points
surfaced in a survey
undertaken for IBM
Security by Morning
Consult. The survey received responses from 1,000 U.S.
educators and 200 administrators in both K-12 and higher education.
The goal was to better understand the level of cybersecurity
awareness, preparedness and training within schools during the shift
to remote schooling.
The survey, which
was undertaken in October 2020, was accompanied by an IBM
announcement of in-kind
grants valued at $3 million to help strengthen
cybersecurity in schools.
Most K-12 educators
also said they weren't particularly concerned about their schools
becoming the target of a cyberattack in the future. While 43 percent
of teachers said they were "very" or "somewhat"
concerned about a security event occurring, a larger share--55
percent--said just the opposite. (The remaining three percent
expressed uncertainty.) Among K-12 administrators, the proportion of
people who were concerned at some level was slightly higher--49
percent--with the same percentage saying they weren't concerned.
Yet when asked what
their largest concerns were as a result of a ransomware attack at
their schools, two-thirds of teachers (65 percent) mentioned worries
about personal data of educators being compromised. Sixty-four
percent said disruption of classes was high on the list of concerns
(referenced by 64 percent), and being unable to communicate with
students (63 percent). Among administrators, the biggest worry was
the personal data of students being compromised, listed by 78 percent
of respondents. Number two was an inability to access email and
disruption of classes (both 71 percent). Compromise of educator data
came in fourth, referenced by 69 percent.
The survey found
high numbers of K-12 teachers unfamiliar with the various forms of
cyberattacks. For example, 48 percent of K-12 educators said they had
no familiarity with "videobombing." Likewise, the same
percentage said they didn't know what denial-of-service attacks were.
Four in 10 (41 percent) were unfamiliar with ransomware attacks. More
K-12 educators knew something about data breaches (75 percent) and
phishing scams (79 percent).
The greatest worry
among the K-12 segment was a data breach affecting schools, mentioned
by 47 percent of respondents. That was followed by phishing scams,
referenced by 44 percent. Among K-12 administrators, specifically,
phishing scams dominated the list of concerns (mentioned by 55
percent), followed by data breaches (52 percent).
more likely than teachers to say their schools had been hit by a
cyberattack, 14 percent compared to nine percent. But confidence was
high among both groups that their school or district would be able to
manage the consequences of a cyberattack; 72 percent of teachers and
82 percent of administrators said they were "very" or
"somewhat" confident of the response.
The biggest barrier
to implementing stronger cybersecurity initiatives came down to
money. Fifty-three percent of K-12 educators said budget was a
"large" or "medium" barrier, while 45 percent
referenced either skills or availability of technology, 43 percent
designated education and 41 percent cited awareness. Budget was also
pinpointed as the big barrier among K-12 administrators (cited by 63
percent), versus availability of technology (45 percent) or skills
(44 percent). Awareness and education were also mentioned by 43
percent of K-12 administrators as additional hurdles.
To address budget
shortfall in K-12, IBM has begun a new education cybersecurity grant
that will help U.S. public school districts better prepare for
cyberattacks, including ransomware. A total of six grants of in-kind
services, valued at $500,000 each ($3 million in total), will be
awarded in 2021 to school districts that apply for the grant via
an IBM landing page. Applications are being taken
until Mar. 1, 2021, and recipients will be announced shortly after.
School districts will be selected to receive the grant based on their
level of cybersecurity needs and how they meet the criteria outlined
by IBM. Rather than direct funding, the winning school systems will
receive resources and hours performed by IBM Service Corps teams of
six to 10 people. Volunteers will provide services such as developing
incident response plans, providing basic cybersecurity training such
as password hygiene and implementing strategic communication plans to
use in response to a cyber incident.
attacks on schools have become the new snow day for students,"
said Christopher Scott, director of security innovation in IBM's
Office of the CISO, in a statement. "Stay-at-home orders, and
the switch to remote learning, have changed the focus for
cybercriminals looking for easy targets as everyone from
kindergartners to college professors have adopted remote
technologies. And with budgets focused on new ways of learning, many
schools are in need of additional resources and technology to change
the dynamic and lower the financial ROI for the bad guys targeting
The complete results
of the survey are openly available on
the IBM website.