Why do federal initiatives to safeguard schools from cybersecurity threats fail to deliver?

Right, here’s a bit of a shocker for you: the cost of protecting American schools from cybercriminals could shoot up to a whopping $5 billion. Believe it or not, this is not a set for an action film, this is real life.

So, what’s got the Yanks in a tizzy? Things came to a head in August 2023 when the White House made an announcement that they’ll be boosting cybersecurity in K-12 schools. Now, I’m a fellow who does a fair bit of teaching and research on cybersecurity, and let me tell you, this is no small feat. The statistics are quite mind-boggling; there were 386 recorded cyberattacks in the U.S. education sector between 2018 and mid-September 2023, costing the schools the earth – all of $35.1 billion.

The twist in the tale is that it isn’t just mature learners or university sites that are under threat. It’s the primary and secondary schools, the ones we refer to as the K-12 sector, that seem to be in the crosshairs. Schools are a hot bed for personal data about youngsters that could unfortunately be exploited by cybercriminals who’d have no qualms applying for fraudulent government benefits or setting up unauthorized accounts. To make matters worse, more and more schools have been lending electronic devices to students, inadvertently opening the door to cyber miscreants even wider.

Here’s the Brit perspective: poor cybersecurity performance can often be attributed to lack of sufficiently trained staff in schools. We’re looking at about two-thirds of school districts not having a full-time cybersecurity personnel. And when there is a cybersecurity team, there often isn’t a budget for a chief information security officer. Firefighting on this front often falls on the shoulders of the IT director who is already fairly stretched with his or her own remit. It’s kind of like playing football with no goalie.

There’s insufficient cybersecurity acumen even amongst the existing staff. Only a measly 10% of educators claim to have a clear understanding of cyber security, and the majority of students also report having minimal to no knowledge about it.

The fledgling cybersecurity training initiative by the Cybersecurity and Infrastructure Security Agency seems like a step in the right direction in providing training to an additional 300 schools, but it’s only going to act as a sticking plaster for a gaping wound. The magnitude of the cybersecurity task at hand is almost overwhelming, and the current proposed funding is nowhere near enough.

We need reference points to determine how much should really be spent on cybersecurity. If we were to look at per employee cybersecurity costs, there are over 4 million teachers in the United States. Similar to what’s spent in the financial services industry, if schools allocated $1,300 per teacher, this would require schools to cough up $5 billion. Or if we allocated spending relative to the IT budget, 10% would equate a hefty $5 billion too. There’s no escaping it folks; there’s a definite need to loosen those purse strings.

Guess we’ve got to dig deep and pay the piper if we don’t want to dance to the cybercriminals’ tune. So, to my American mates, brace yourselves: it’s high time you bolster up cybersecurity in K-12 schools. The future of your nation’s education is at stake.

by Parker Bytes