Schools are increasingly deploying a “cloud-first” strategy but they can’t keep up with the cyber risks associated with their expanding attack surface, according to a new study. If the recent spate of ransomware attacks on U.S. school districts is any indication, the education sector is in dire need of skilled cybersecurity staff.
New research from Netwrix shows that 53% of educational institutions are ready to start deploying a "cloud-first" strategy for all new services and technologies. Cloud deployments offer proven cost effectiveness and operational efficiency. However, cloud-based operations also require extra attention to privacy and data security. Yet every third organization in this sector suffered a cloud breach in the previous year, and 70% of the very IT teams that deployed cloud solutions don't receive a bit enough budget for cloud security, respondents confessed.
Only 12% of the IT departments surveyed saw their security budgets increase in 2019, and a whopping 98% say their management “is not choosing to hire dedicated IT security staff to support cloud security.”
Recent news reports seem to reflect this decision to deny educational IT departments the resources to defend themselves against hacking. In the past month, hackers have infected entire school districts with ransomware, encrypting precious data and making for a rough start to the school year across several U.S. cities, including the New Kent County Public Schools system in the State of Virginia, and the Rockford Public Schools (RPS) District 205 in the State of Illinois, to name a couple. And another wave of ransomware attacks on state-owned infrastructures across the U.S. now has taxpayers up in arms over local officials giving money to the criminals. According to a survey by Morning Consult on behalf of IBM, 60% of Americans oppose local governments using tax dollars to pay ransom.
Other findings from the Netwrix research include:
- 71% of organizations breached in the previous year never classified all the data they store in the cloud
- 65% of organizations say business users were responsible for the incidents
- IT teams plan to strengthen data security in the cloud by enforcing stricter security policies (41%) and training employees (39%)
- Organizations are likely choosing less costly measures because of lax financial support from management
- Only 19% of educational institutions are ready to move their entire infrastructure to the cloud (down from 32% in 2018)
Tight IT budgets and scarce cybersecurity talent are issues felt throughout almost every vertical, not just in the education sector. To address their shortcomings, organizations should look for solutions that offer increased visibility across both endpoint and network activity, enabling them to detect suspicious activity before attackers gain a foothold.