Cybersecurity Training Elusive in K–12
haven’t, for the most part, received basic cybersecurity training.
Just 43 percent said their schools had provided such training, while
48 percent said they hadn’t and eight percent said they didn’t know
or weren’t sure. And even though 54 percent of teachers said they
were using personal devices for remote learning, a third (35 percent)
reported that their school or district hadn’t provided any guidelines
or resources for protecting those devices.
Those data points
surfaced in a survey
undertaken for IBM
Security by Morning
Consult. The survey received responses from 1,000 U.S.
educators and 200 administrators in both K-12 and higher education.
The goal was to better understand the level of cybersecurity
awareness, preparedness and training within schools during the shift
to remote schooling.
The survey, which
was undertaken in October 2020, was accompanied by an IBM
announcement of in-kind
grants valued at $3 million to help strengthen
cybersecurity in schools.
Most K-12 educators
also said they weren’t particularly concerned about their schools
becoming the target of a cyberattack in the future. While 43 percent
of teachers said they were “very” or “somewhat”
concerned about a security event occurring, a larger share–55
percent–said just the opposite. (The remaining three percent
expressed uncertainty.) Among K-12 administrators, the proportion of
people who were concerned at some level was slightly higher–49
percent–with the same percentage saying they weren’t concerned.
Yet when asked what
their largest concerns were as a result of a ransomware attack at
their schools, two-thirds of teachers (65 percent) mentioned worries
about personal data of educators being compromised. Sixty-four
percent said disruption of classes was high on the list of concerns
(referenced by 64 percent), and being unable to communicate with
students (63 percent). Among administrators, the biggest worry was
the personal data of students being compromised, listed by 78 percent
of respondents. Number two was an inability to access email and
disruption of classes (both 71 percent). Compromise of educator data
came in fourth, referenced by 69 percent.
The survey found
high numbers of K-12 teachers unfamiliar with the various forms of
cyberattacks. For example, 48 percent of K-12 educators said they had
no familiarity with “videobombing.” Likewise, the same
percentage said they didn’t know what denial-of-service attacks were.
Four in 10 (41 percent) were unfamiliar with ransomware attacks. More
K-12 educators knew something about data breaches (75 percent) and
phishing scams (79 percent).
The greatest worry
among the K-12 segment was a data breach affecting schools, mentioned
by 47 percent of respondents. That was followed by phishing scams,
referenced by 44 percent. Among K-12 administrators, specifically,
phishing scams dominated the list of concerns (mentioned by 55
percent), followed by data breaches (52 percent).
more likely than teachers to say their schools had been hit by a
cyberattack, 14 percent compared to nine percent. But confidence was
high among both groups that their school or district would be able to
manage the consequences of a cyberattack; 72 percent of teachers and
82 percent of administrators said they were “very” or
“somewhat” confident of the response.
The biggest barrier
to implementing stronger cybersecurity initiatives came down to
money. Fifty-three percent of K-12 educators said budget was a
“large” or “medium” barrier, while 45 percent
referenced either skills or availability of technology, 43 percent
designated education and 41 percent cited awareness. Budget was also
pinpointed as the big barrier among K-12 administrators (cited by 63
percent), versus availability of technology (45 percent) or skills
(44 percent). Awareness and education were also mentioned by 43
percent of K-12 administrators as additional hurdles.