K–12 IT Pros See Careless Insiders and Foreign Governments as Top Security Threats
A new survey of public sector IT professionals finds that the biggest data security threats come from a wide range of sources, from simple carelessness to intentional hacking from foreign governments.
According to the eighth-annual Public Sector Cybersecurity Survey Report from SolarWinds, which provides IT security and management solutions, among education professionals, the most widely cited source of security problems was "careless/untrained insiders," with 58% of respondents from the education sector saying this is a major source of threats. That was followed closely by foreign governments, at 56%. The "general hacking community" came in third, at 54%.
Despite the relatively high profile of ransomware attacks on schools, colleges, and universities, only 26% or education respondents cited ransomware as a concern. Among education sector respondents, 13% said their organizations had been impacted by ransomware in the last 12 months.
Worms (23%) and mobile trojans (21%) also made the list of security concerns among education organizations.
In K–12 specifically, spam was cited as the biggest IT security threat. And according to the data, 54% of K–12 respondents said they "have been impacted by spam in the past 12 months."
Interestingly, in terms of approaches to data security, 92% of education respondents "find it very or somewhat important to implement a zero-trust approach, ranking the highest among all public sector groups and increasing by 10% from 2021." However, among K–12 respondents specifically, 77% "do not know or are not familiar with a zero-trust approach or are not considering a zero-trust approach."
"Lack of zero-trust implementation on the part of workers will open a wide space for hackers to compromise the data security and use them for malicious purposes," said one survey respondent.
What approaches are K–12 institutions taking to data security. According to the survey, "43% of K–12 respondents shared that their organization is following the OMB federal strategy and roadmap, the leading response for K–12 respondents."
Other findings from the survey include:
-
In terms of approaches to zero trust, "OMB and DoD frameworks are relied on most" (33%), followed by NIST Zero Trust architecture (15%) and CISA’s Zero Trust Maturity Model (10%);
-
Among all public sector respondents (government, education, and healthcare included), 66% of respondents "feel their IT environment is extremely/very complex to manage," and just 5% said they "feel extremely confident in their ability to manage these environments"; In K–12, 48% "are moderately confident in their organization’s ability to manage its IT environment, and 48% are slightly confident or not at all confident";
-
Education respondents were least likely to be confident in their organization's ability to manage IT complexity among all public sector types;
-
52% of education respondents said they "lack visibility across environments";
-
53% of education respondents said they "lack visibility across teams"; and
-
Among all public sector organizations, "The top three barriers to managing complex IT environments are an insufficient number of IT staff (41%), followed by time constraints (39%), and budget issues (35%)."
"The threat foreign governments pose to the security of government IT systems has steadily increased throughout the years,'' said Brandon Shopp, group vice president, product strategy at SolarWinds, in a prepared statement. "However, it is reassuring to see this year's data showing public sector organizations continue to recognize top security threats, adopt zero-trust strategies, and seek vendor attestations and SBOMs to better secure the software supply chain — all of which are crucial to maintaining a high standard of security across federal and state government, as well as in the education and defense sectors."
The eighth-annual Public Sector Cybersecurity Survey Report is available on SolarWinds' website.