Cybersecurity Survey: External Threats Growing Faster Than Response Capabilities

In a new survey, a majority of education organizations reported they have not improved their cybersecurity detection or resolution capabilities — even as attacks against schools have skyrocketed during the pandemic. That's according to seventh annual Public Sector Cybersecurity Survey Report from SolarWinds, released this morning. 

Cybersecurity experts and the U.S. Department of Education have warned in recent months of the marked increase in cyberattacks on schools and universities, and the K–12 Cybersecurity Act of 2021, signed into law in October, directs the Cybersecurity and Infrastructure Security Agency to identify risks and provide resources for schools to better protect their IT security. According to Government Computer News, from Aug. 14 to Sept. 12, 2021, educational organizations were the target of over 5.8 million malware attacks, or 63% of all such attacks.

This year’s SolarWinds cybersecurity survey includes responses from 400 IT operations and security decision-makers, including 200 federal, 100 state and local, and 100 education respondents, SolarWinds said.

“This year’s results demonstrate that while IT security threats have increased — primarily from the general hacking community and foreign governments — the ability to detect and remediate such threats has not increased at the same rate, leaving public sector organizations vulnerable,” said Brandon Shopp, SolarWinds group vice president for product strategy. “But the data also shows an increased awareness and adoption of zero trust, as well as a commitment to invest in IT solutions and adopt cybersecurity best practices outlined in the Administration’s Cybersecurity Executive Order. It’s through these steps that public sector organizations can enhance their cybersecurity posture and fight the rising tide of external threats.”

Key findings in the education sector from the 2021 survey:

  • Careless/untrained insiders (53%) are the largest source of security threats at education institutions, followed by the general hacking community (49%) and foreign governments (25%).
    • Although 56% of all public sector respondents stated that threats posed by foreign governments have increased since 2020, only 25% of education respondents reported foreign governments as a threat.
  • When asked about specific types of security breaches, the public sector’s level of concern over ransomware (66%), malware (65%), and phishing (63%) has increased the most over the last year.
  • Lack of training (40%), low budgets and resources (37%), and the expanded perimeter (32%) as a result of increased remote work continue to plague public sector security pros.
    • Education respondents are the most likely to struggle to identify the root cause of security issues, hampering their ability to both detect and remediate such threats.
    • About 60% of respondents noted both the time to detection and time to resolution remained the same or worsened between 2020 and 2021.
  • Public sector respondents suggest improving investigative and remediation capabilities, as well as reducing barriers to sharing threat information between public and private sectors, as the top priorities for compliance with the Cybersecurity Executive Order.
    • Among state, local, and education organizations, 88% are likely to adopt cybersecurity best practices and activities from the Cybersecurity Executive Order, including almost 100% of respondents from K-12 schools and 84% of higher ed institutions.

For the full report, visit SolarWinds’ website.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • interconnected cloud icons with glowing lines on a gradient blue backdrop

    Report: Cloud Certifications Bring Biggest Salary Payoff

    It pays to be conversant in cloud, according to a new study from Skillsoft The company's annual IT skills and salary survey report found that the top three certifications resulting in the highest payoffs salarywise are for skills in the cloud, specifically related to Amazon Web Services (AWS), Google Cloud, and Nutanix.

  • a hobbyist in casual clothes holds a hammer and a toolbox, building a DIY structure that symbolizes an AI model

    Ditch the DIY Approach to AI on Campus

    Institutions that do not adopt AI will quickly fall behind. The question is, how can colleges and universities do this systematically, securely, cost-effectively, and efficiently?

  • minimalist geometric grid pattern of blue, gray, and white squares and rectangles

    Windows Server 2025 Release Offers Cloud, Security, and AI Capabilities

    Microsoft has announced the general availability of Windows Server 2025. The release will enable organizations to deploy applications on-premises, in hybrid setups, or fully in the cloud, the company said.

  • digital brain made of blue circuitry on the left and a shield with a glowing lock on the right, set against a dark background with fading binary code

    AI Dominates Key Technologies and Practices in Cybersecurity and Privacy

    AI governance, AI-enabled workforce expansion, and AI-supported cybersecurity training are three of the six key technologies and practices anticipated to have a significant impact on the future of cybersecurity and privacy in higher education, according to the latest Cybersecurity and Privacy edition of the Educause Horizon Report.