Education Security Trends

4 in 10 College Faculty, Admin Unconcerned about Future Cyberattacks

• By Dian Schaffhauser
• 02/17/21

More college administrators than college educators have received basic cybersecurity training. While 71 percent of the administrators said they'd been provided with some training, just 57 percent of the teachers said the same. And even though 81 percent of educators said they were using personal devices for remote learning, just half (50 percent) reported that their institutions had provided any guidelines or resources for protecting those devices.

Those data points surfaced in a survey undertaken for IBM Security by Morning Consult. The survey received responses from 1,000 U.S. educators and 200 administrators in both K-12 and higher education. The goal was to better understand the level of cybersecurity awareness, preparedness and training within schools and colleges during the shift to remote teaching and learning.

More than four in 10 educators (42 percent) said they weren't particularly concerned about their colleges or universities becoming the target of a cyberattack in the future. Among administrators, the count was nearly as high--41 percent.

When asked what their largest concerns were as a result of a ransomware attack at their institutions, more than two-thirds of educators (68 percent) mentioned worries about their personal data being compromised, followed by the personal data of students being hit (66 percent). Sixty-four percent said that disruption of classes and the compromise of school records were of concern.

Among administrators, the biggest worries mirrored that of the instructors. Seventy-one percent listed personal data of educators being compromised, followed by compromise of student data (68 percent).

The survey found high numbers of faculty and instructors unfamiliar with the various forms of cyberattacks. For example, 41 percent said they had no familiarity with "videobombing." A third (32 percent) were unsure what denial-of-service attacks were. Nearly three in 10 (28 percent) were unfamiliar with ransomware attacks. More college educators knew something about data breaches (20 percent said they weren’t familiar with those) and phishing scams (unrecognized by 13 percent).

The greatest worry among the college segment was phishing scams affecting schools, mentioned by 58 percent of respondents, followed by data breaches (57 percent). Among administrators, specifically, phishing scams also dominated the list of concerns (mentioned by 64 percent), followed by data breaches (59 percent).

Faculty were slightly more likely than administrators to report their schools had been hit by a cyberattack, 19 percent compared to 18 percent. But confidence was high among both groups that their institution would be able to manage the consequences of a cyberattack; 80 percent of educators and 83 percent of administrators said they were "very" or "somewhat" confident of the response.

The biggest barrier to implementing stronger cybersecurity initiatives came down to money. Fifty-four percent of college educators said budget was a "large" or "medium" barrier, while 52 percent referenced skills and 46 percent designated availability of technology, education or awareness.

Budget was also pinpointed as the big barrier among K-12 administrators (cited by 50 percent), versus skills (42 percent) and availability of technology (41 percent).

"Ransomware attacks on schools have become the new snow day for students," said Christopher Scott, director of security innovation in IBM's Office of the CISO, in a statement. "Stay-at-home orders, and the switch to remote learning, have changed the focus for cybercriminals looking for easy targets as everyone from kindergartners to college professors have adopted remote technologies. And with budgets focused on new ways of learning, many schools are in need of additional resources and technology to change the dynamic and lower the financial ROI for the bad guys targeting them."

The complete results of the survey are openly available on the IBM website.