State edtech leaders say schools have insufficient cybersecurity funding
Only a handful of U.S. states and territories are seen to be providing sufficient funding to tackle the growing cyberthreats against K-12 schools, according to a new survey of state educational technology leaders.
The inaugural State EdTech Trends Report, published by the State Educational Technology Directors Association and Whiteboard Advisors, includes responses from more than 80 educational technology directors, state superintendents and other senior state officials from all 50 states, the District of Columbia, Northern Mariana Islands and the Department of Defense Education Activity, the Pentagon branch that operates schools on U.S. military bases.
Alongside equitable internet access and quality digital instruction, cybersecurity was highlighted as one of digital learning leaders’ top concerns in the survey, with 70% reporting that their state education agency, or at least one local education agency, was the victim of a cyberattack in the past year.
School cybersecurity efforts are widely seen as underfunded, however, with 57% of survey respondents reporting that their states provide very little financial support. Just 6% of respondents indicated that their state provided ample funding for school cybersecurity efforts.
“Cybersecurity and privacy were consistently identified as high priorities for technology in the survey responses, yet respondents also indicated that resource allocations often don’t align with the level of priority,” an analysis of the survey results reads.
One anonymous respondent quoted in the report said that before the pandemic, their state averaged 4 billion attempted cyberattacks on K-12 each year. That figure increased during the pandemic and is still increasing, they said.
Concerns about the growing number of cyberattacks on K-12 schools highlighted in the survey align with recent warnings from the FBI, the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center about the sector becoming a frequent target of ransomware attacks in recent years.
In an advisory published Tuesday, the FBI, CISA, and the MS-ISAC warned that ransomware attacks on K-12 organizations may increase as the 2022-23 school year begins, and provided specific recommendations on how to avoid attacks from ransomware group Vice Society, which has targeted a number of school districts recently, including one in Cedar Rapids, Iowa, last month.
Earlier this week, the Los Angeles Unified School District, the nation’s second-biggest public-school system, said it had suffered a ransomware attack, though the threat group responsible has not yet been identified.