The school year is underway and millions of devices are now in the hands of students. More than 80 percent of today’s K-12 organizations provide computers to students and an estimated 70 percent of schools will be one-to-one by 2020. With school-issued devices commonplace, schools have become easy targets for cyberattacks.
Since 2016, nearly 700 cyber incidents have hit K-12 organizations. And threats like ransomware have forced schools to close their doors, and even compelled Louisiana’s Governor to declare a state of emergency after several schools were wrecked by the Ryuk ransomware in the summer of 2019.
The K-12 attack surface has lured cybercriminals, but the technology itself has also become somewhat of a nightmare. In Absolute’s new study, Cybersecurity and Education: The State of the Digital District in 2020, we looked at 3.2 million devices across 1,200 schools and discovered over 6,400 unique Chrome extensions in-use, 319 security bypass apps (e.g. rogue VPN), and more than 130,000 app versions. The IT complexity is staggering.
Based on the new research, we see three key challenges facing today’s K-12 technology leaders – challenges no other industry faces.
- Savvy students — more than five times as many tools for users to tunnel around security controls and policies than other sectors. (rogue apps were found in 42 percent of organizations)
- Increased complexity — within five years, K-12 IT leaders have gone from managing a couple of operating systems, a handful of apps, and a few hundred devices to managing hundreds of versions of operating systems, apps, extensions, and thousands of devices. (93 percent of common apps are outdated)
- Increased endpoint risk — as complexity expands, so does risk, leaving both students and schools increasingly vulnerable to cyberattacks. Case in point: schools have become the second-largest pool of ransomware victims, slightly behind local governments and closely followed by healthcare organizations. (56 percent of patch agents fail)
It is no surprise then, that 68 percent of K-12 IT leaders say cybersecurity is their top priority, and nearly half (47 percent) say their primary investment will be security controls and tools. But K-12 IT leaders must carefully consider their plans for more security spend and take aim at cyber resilience above all else.
School districts are saddled with the expectation to demonstrate ROI (the effects of the one-to-one program) but on the other hand, they need to keep tabs on security and inventory gaps in a quickly growing endpoint population. Read: Quantifying K-12 Device Use with Absolute.
How do you solve the riddle? Resilience is the key.
Winning the Battle Against Cyber Threats
It is increasingly critical school districts work to reduce IT complexity and improve endpoint resiliency by gaining visibility to every device everywhere. Then, IT leaders can identify use patterns, justify tech spend for maximum ROI, and discover device use patterns and rogue apps, how often devices are used, and what risks students are creating. K-12 IT leaders can rely on Absolute to unmask complexity risks and automate endpoint security—restoring fragile security controls, apps, and agents—to safeguard digital learning for the next generation.
To learn more about the cyber risks facing today’s K-12 schools, download the full report Cybersecurity and Education: The State of the Digital District in 2020.