ebook img

ERIC ED619717: Creating a Common Culture of Action around Cybersecurity: Results from the 2021 Project Tomorrow -- iboss National K-12 Education Cybersecurity Report PDF

2021·1.8 MB·English
by  ERIC
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview ERIC ED619717: Creating a Common Culture of Action around Cybersecurity: Results from the 2021 Project Tomorrow -- iboss National K-12 Education Cybersecurity Report

Creating a Common Culture of Action Around Cybersecurity Results from the 2021 Project Tomorrow – iboss National K-12 Education Cybersecurity Report Introduction Increasing the security posture within a school district necessitates deliberate education of executive leadership so that a common cultural understanding about the importance of cybersecurity is adopted across the organization. -District Technology Leader Executive leaders across all sectors have a stress-test for the technology infrastructure in fiduciary responsibility to protect the tangible and many school districts. To support the continuity intangible assets of their organization. of learning, a core component of a school Increasingly, those assets include mission-critical district’s mission, new technology plans and data and information systems. The same is true rollouts were quickly implemented that for K-12 education enterprises with the additional significantly increased the digital footprint and imperative, unique to education, to ensure that reach within many districts. For example, an technology resources are readily available and unprecedented number of digital learning devices safe to use to support the educational mission of and mobile hotspots were distributed to students the school district. At the heart of this obligation from kindergarten through high school. Learning for comprehensive asset protection is the need for management systems were not only adopted but a shared value system and accountability around their usage was mandated alongside new online cybersecurity across the entire organization. To curriculum products supporting both core and that end, today is very much different than supplemental instruction. This resulted in record yesterday in K-12 education. levels of online activity and product usage by students, teachers and staff. Online tools to The pandemic and resulting disruptions in support communications from school to home as traditional school modalities created a new well as internal operational interactions have © Project Tomorrow 2021 2 become essential resources. And adoption plans mission-critical information systems. The fallout for new cloud-based applications including for from a cyber or ransomware attack on a school finance and human resources were re-prioritized district’s infrastructure can have a long tail of on a faster timeline. For the most part, these impact beyond disruptions to the education changes in our education enterprises, most delivery system including financial, public notably around the increased usage of technology relations and community trust repercussions. within both the instructional and operational And while there is much to be learned from how aspects of a district, are permanent changes. other sectors, including those in transportation, Despite nostalgic pulls for a pre-pandemic school finance, retail and manufacturing have addressed model, it is simply not possible to turn the clock their cyber threats and/or events, the readiness back to February 2020 and unravel the increased of K-12 districts today to deal with these new dependency we have today on technology within realities appears to be lagging despite the our education systems. increased vulnerabilities and documented upticks in such threats and attacks. While many reports and media stories have documented the physical or behavioral impact of Project Tomorrow’s® annual Speak Up these changes on the way students access Research Project has documented the evolution learning content or how a teacher records their of technology use, both from an instructional and professional development time, there are other operational perspective, within K-12 education ramifications of this new environment that may be since 2003. Since 2017, the Speak Up results less obvious but certainly not less important. have also included a focus on K-12 districts’ Heading that list is the increased risk and cybersecurity preparations. However, as noted vulnerability of K-12 education data and above, today is very much different than information systems to a cyberattack. With yesterday especially relative to cybersecurity increased dependence on technology and a wider preparation. The combination of the expansion of online network, especially beyond the traditional technology resources within the K-12 education school physical footprint, comes the inevitable enterprise and the increase in cyber threats to amplified exposure to new potential threats to school districts has mandated that we © Project Tomorrow 2021 3 conduct a more comprehensive review of the state of cybersecurity within K-12 education. In partnership with iboss, a new Speak Up Research effort was initiated in spring 2021 to understand the views and values held by school district leaders on their overall readiness to address these unprecedented cybersecurity challenges. Nearly 600 district administrators and technology leaders from a representative cross section of school districts nationwide responded to the call for input on this urgent topic by completing an online survey between January and May 2021. Our analysis of the resulting data from the first annual 2021 Project Tomorrow – iboss National K-12 Education Cybersecurity Research Study and collection of first hand insights from district leaders nationwide underscores the imperative for a new national call for greater awareness and action on K-12 cybersecurity. It is our hope that this new executive report will be a clarion call that resonates from the classroom to the school board meeting for every district to implement a cross organizational strategy to combat the present and future threats to the security of their district technology assets. To support that work, this report identifies and discusses three specific K-12 Cybersecurity Insights from the Speak Up research that can provide district leaders with a starting point for developing a new cross organizational approach for their district’s cybersecurity preparation. © Project Tomorrow 2021 4 K-12 Cybersecurity Insights An effective cybersecurity plan must be rooted in a shared and realistic sense of concern, responsibility, and accountability within the district. The new technology dependence in K-12 education demands that district leaders re-assess their approach to the management of their technology assets, both human and digital. This has huge implications for cybersecurity readiness and preparations. Cybersecurity preparation begins with an understanding of the need to walk the talk with increased funding to support both readiness and mitigation efforts. These insights and the supporting research data are discussed in detail in this new report. It should be noted that the data findings reveal serious gaps in our current approaches, notably around the awareness levels of key leaders to the current cyber threats. Thus, in our concluding section, we are issuing a call to action for the nation’s K-12 districts and supporting educational organizations, associations and companies to rally together to increase awareness on the urgency for more comprehensive K-12 cybersecurity information across all levels of leadership within a school district, the development of a new common culture that is dedicated to action on cybersecurity and the identification of best practices for effective data systems protection. © Project Tomorrow 2021 5 We experienced a cyber event almost 2 years ago that shut us down. As a district we all went through the process of recovery together. We have full support of our Cabinet and Superintendent when it comes to keeping our network and student data safe. -District Technology Leader K-12 Cybersecurity Insight #1 cybersecurity includes a focus on educating the key leaders on cybersecurity issues including the An effective cybersecurity plan must be rooted District Superintendent, school board members, in a shared and realistic sense of concern, chief academic officers, public relations responsibility, and accountability within the directors, business and finance leaders as well entire district team. as the chief technology or information officers. , The protection of district assets including The readiness of a district team to implement digital infrastructure and data should be a primary effective methods for thwarting or mitigating a responsibility for every district leader. ransomware attack or hack to district systems Cybersecurity is not just the job of the technology depends first upon leadership team buy-in department. When that inevitable cyber-attack regarding their district’s vulnerabilities for a happens, it will impact every aspect of a school cyber event. Included in developing that buy-in district’s operations with implications for finance, must be an assessment of the overall knowledge human resources, student assessments, parent or awareness of the team regarding risks and communications, teachers’ instructional practices potential vulnerabilities to cyberattacks. and community trust. Therefore, it is imperative Technology leaders in this year’s National K-12 that a cross-organizational approach to Education Cybersecurity research facilitated by © Project Tomorrow 2021 6 Project Tomorrow report a mixed bag of for protecting their data and information awareness within their district community on systems, the awareness levels of parents about those potential risks and vulnerabilities. As cybersecurity should be a top discussion as well. documented in Table 1, only 39% of technology As noted in Table 1, two-thirds of technology leaders say that their Superintendent has a high leaders (67%) say that awareness level of parent degree of awareness regarding cybersecurity leaders (such as those serving on district issues. On average, the technology leaders advisory councils or parent-teacher association believe that the members of their district leadership teams) is low. More work obviously leadership team have a moderate level of needs to be done to ensure that parents are more awareness about these mission-critical issues, but familiar with the risks associated with a district not necessarily a high level of familiarity or breech or ransomware attack as they may be the knowledge about cybersecurity. For example, ones who need to clean up a child’s credit report 53% of technology leaders say their local school or data records for years to come after the board members are moderately aware or attack. Additionally, given the impact of a informed on cybersecurity issues; only 12% of the cyberattack on community trust, transparency technology leaders agree that their school board regarding how the district is protecting their members are highly aware. assets including student data is an important As districts create new plans and approaches new consideration for district communications. Table 1: Awareness levels of various district leadership positions regarding cybersecurity – an assessment of the district technology leaders © Project Tomorrow 2021 © Project Tomorrow 2021 7 ii Overall, the relatively low levels of awareness of districts protect their digital assets. However, key stakeholders in cybersecurity preparation is despite this enhanced spotlight on the threats sobering. As more media attention is placed both within K-12 education, this year’s data from the on cyber incidents in education as well as Project Tomorrow research indicates that there commercial environments, awareness levels may is a significant disconnect within many school rise. Fortunately, the K-12 Cybersecurity Resource districts, not just on familiarity with cybersecurity Center provides a comprehensive reporting of issues, but also on the seriousness of protecting publicly disclosed cyber-attacks within K-12 data assets and a sense of urgency around districts. Per their latest report, The State of K-12 ensuring adequate protections are in place. Cybersecurity: 2020 Year in Review, the number of When asked their level of concern regarding the publicly disclosed school incidents (including security of their district technology student and staff data breaches, ransomware and infrastructure and networks against a malicious other malware outbreaks, phishing attacks and cyber-attack, only 22% of district administrators other social engineering scams and denial-of- identified their current concern level as high service attacks) increased 18% over 2019 (Chart A). While over twice as many technology reporting. Correspondingly, the US Government leaders (46%) said they have a high concern i Accountability Office (GAO) has also recently level, that percentage still feels low considering acknowledged both the increased vulnerability of the prevalence and virality of recent K-12 K-12 institutions to attacks like these and the need ransomware attacks. for more updated resources to help school i https://k12cybersecure.com/year-in-review/ iihttps://www.gao.gov/products/gao-22-105024 Chart A: Level of concern regarding a cyberattack on your district technology infrastructure and network © Project Tomorrow 2021 © Project Tomorrow 2021 8 Key takeaway: To develop participants, and buy into a new a shared culture within your district culture that prioritizes district around cybersecurity, start protecting district assets. Without with a comprehensive education that common cybersecurity process so that all stakeholders and preparation culture in place, it is decision-makers gain a realistic highly challenging to expect all understanding of the risks and district administrators to be engaged vulnerabilities, accept their roles and in actively and purposefully responsibilities as active addressing these challenges. I regularly spell out our cybersecurity vulnerabilities and needs to address such. In 2019-20 I took a hard approach to educate staff and cabinet regarding such vulnerabilities, we then put a plan in place to begin making these changes along with a communication plan. We also sent out a monthly newsletter with basic information regarding internet safety best practices. It is important to regularly communicate concerns and new cybersecurity threats to staff. These communications keep the threat and importance of cybersecurity at the forefront. -District Technology Leader 9 This is what has worked in our district. Educate: Build awareness in users of their role in managing risks. Mitigate: Implement robust systems to protect data and networks. Investigate: Provide tools to monitor and determine system breaches. -District Technology Leader K-12 Cybersecurity Insight #2 families on an almost 24/7 basis. This is naturally precipitated by the greater The new technology dependence in K-12 implementation since March 2020 of one-to-one education demands that district leaders re- programs where every student is assigned a assess their approach to the management of school-owned digital learning device (tablet, their technology assets, both human and laptop, Chromebook) to use in school and at digital. This has huge implications for home. cybersecurity readiness and preparations. , However, while increased workloads may be a It is widely acknowledged that the environment current reality, recent Speak Up research also in K-12 education schools and districts is very indicates that in many districts outdated different today than before the pandemic. Further assumptions particularly around support models evidence is noted by the technology leaders are still driving planning and decisions. This is regarding their staffing challenges. Technology particularly true relative to the structure of many leaders identify that one of their biggest district information technology departments and challenges right now is increased workload on divisions. This need to re-evaluate the work and their IT staff (72%) to provide heightened levels of priorities of district IT departments is not a customer service and support to students and byproduct of the pandemic, however. The © Project Tomorrow 2021 10

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.