K–12 IT Pros See Careless Insiders and Foreign Governments as Top Security Threats

A new survey of public sector IT professionals finds that the biggest data security threats come from a wide range of sources, from simple carelessness to intentional hacking from foreign governments.

According to the eighth-annual Public Sector Cybersecurity Survey Report from SolarWinds, which provides IT security and management solutions, among education professionals, the most widely cited source of security problems was "careless/untrained insiders," with 58% of respondents from the education sector saying this is a major source of threats. That was followed closely by foreign governments, at 56%. The "general hacking community" came in third, at 54%.

Despite the relatively high profile of ransomware attacks on schools, colleges, and universities, only 26% or education respondents cited ransomware as a concern. Among education sector respondents, 13% said their organizations had been impacted by ransomware in the last 12 months.

Worms (23%) and mobile trojans (21%) also made the list of security concerns among education organizations.

In K–12 specifically, spam was cited as the biggest IT security threat. And according to the data, 54% of K–12 respondents said they "have been impacted by spam in the past 12 months."

Interestingly, in terms of approaches to data security, 92% of education respondents "find it very or somewhat important to implement a zero-trust approach, ranking the highest among all public sector groups and increasing by 10% from 2021." However, among K–12 respondents specifically, 77% "do not know or are not familiar with a zero-trust approach or are not considering a zero-trust approach."

"Lack of zero-trust implementation on the part of workers will open a wide space for hackers to compromise the data security and use them for malicious purposes," said one survey respondent.

What approaches are K–12 institutions taking to data security. According to the survey, "43% of K–12 respondents shared that their organization is following the OMB federal strategy and roadmap, the leading response for K–12 respondents."

Other findings from the survey include:

  • In terms of approaches to zero trust, "OMB and DoD frameworks are relied on most" (33%), followed by NIST Zero Trust architecture (15%) and CISA’s Zero Trust Maturity Model (10%);

  • Among all public sector respondents (government, education, and healthcare included), 66% of respondents "feel their IT environment is extremely/very complex to manage," and just 5% said they "feel extremely confident in their ability to manage these environments"; In K–12, 48% "are moderately confident in their organization’s ability to manage its IT environment, and 48% are slightly confident or not at all confident";

  • Education respondents were least likely to be confident in their organization's ability to manage IT complexity among all public sector types;

  • 52% of education respondents said they "lack visibility across environments";

  • 53% of education respondents said they "lack visibility across teams"; and

  • Among all public sector organizations, "The top three barriers to managing complex IT environments are an insufficient number of IT staff (41%), followed by time constraints (39%), and budget issues (35%)."

"The threat foreign governments pose to the security of government IT systems has steadily increased throughout the years,'' said Brandon Shopp, group vice president, product strategy at SolarWinds, in a prepared statement. "However, it is reassuring to see this year's data showing public sector organizations continue to recognize top security threats, adopt zero-trust strategies, and seek vendor attestations and SBOMs to better secure the software supply chain — all of which are crucial to maintaining a high standard of security across federal and state government, as well as in the education and defense sectors."

The eighth-annual Public Sector Cybersecurity Survey Report is available on SolarWinds' website.

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • Report Explores Teacher and Administrator Attitudes on K–12 AI Adoption

    K–12 administration software provider Frontline Education recently released a new research brief regarding the use of AI adoption in schools, according to a news release. “Insights into K–12 AI Adoption: Educator Perspectives and Pathways Forward” was developed from the results of the Frontline Research and Learning Institute’s annual survey of district leaders.

  • PowerBuddy for Data

    PowerSchool Releases AI-Powered Tools for Students, Admins

    PowerSchool recently announced the general availability of two new AI-powered education tools, one for students and one for education data managers.

  • abstract pattern of interlocking circuits, hexagons, and neural network shapes

    Anthropic Offers Cautious Support for New California AI Regulation Legislation

    Anthropic has announced its support for an amended version of the "Safe and Secure Innovation for Frontier Artificial Intelligence Models Act," California’s Senate Bill 1047 (SB 1047), because of revisions to the bill the company helped to influence — but not without some reservations.

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs Off on AI Content Safeguard Laws

    California Governor Gavin Newsom has officially signed a series of landmark artificial intelligence bills into law, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.