New Research from Absolute Underscores Educational Organizations Vulnerable to Cyber Attacks
VANCOUVER, British Columbia — October 1, 2019 —Absolute (TSX: ABT), the leader in endpoint resilience, today announced the introduction of a new research report titled ”Cybersecurity and Education: The State of the Digital District in 2020,” focused on the state of IT security, staff and student safety, and endpoint device health in K-12 organizations. The report’s findings highlight the crisis the education sector is facing as schools grapple with high levels of risk exposure – driven in large part by complex IT environments and digitally savvy student populations – that have made them a prime target for cybercriminals and ransomware attackers.
The summer months of 2019 saw the number of publicly-disclosed security incidents in K-12 school districts in the U.S. reach 160, exceeding the total number incidents reported in 2018 by 30 percent. In July alone, school districts in New Mexico, Nevada, Louisiana, Oklahoma, Alabama, Connecticut, and New York fell victim to cyber attacks. Schools are now the second-largest poolof ransomware victims, just behind local governments and followed by healthcare organizations.
Technology has proliferated the digital campus as K-12 organizations continue to rise to the challenge of modernizing classroom environments and harnessing the power of digital learning; 82 percentof schools now provide students with devices. But, the unstructured growth has created mass complexity for resource-constrained K-12 IT leaders tasked with ensuring the security and privacy of students and staff. The report’s findings emphasize this, revealing that IT leaders are now responsible for collectively managing more than 250 unique OS versions and that 93 percent are managing up to five versions of common applications.
“Today’s education IT leaders have been tasked with a remarkable feat: adopting and deploying modern learning platforms, while also ensuring student safety and privacy and demonstrating ROI on security and technology investments,” said Christy Wyatt, CEO of Absolute. “And this is not something that can be achieved by simply spending more money, especially when that money comes from public funds. The questions they each need to be asking are whether they have the right foundational security measures in place, and whether the controls they have already invested in are working properly. Without the critical elements of a strong and resilient security approach – things like visibility and control – it becomes nearly impossible to protect your students, your data, and your investments.”
Also among the report’s top findings is the number – 319 – of unique web proxy and rogue VPN applications discovered in K-12 environments, as tech savvy students look for ways to bypass security controls. Forty two percent of schools have students using these apps to mask their online activity, jeopardizing not only their own privacy and safety but also opening up the entire school network to malware, ransomware, and other viruses.
Other key insights from the report include:
Modern education environments are more technologically diverse and complex than ever. Across the K-12 organizations studied, we identified:
More than 250 unique OS versions of Windows, Mac, Linux, and Chrome
137,000 unique application versions
More than 6,400 unique Chrome extensions
Ineffective native management tools, heavily relied on by education IT teams, create significant device management and security challenges.
More than half of K-12 organizations (53 percent) rely on native client/patch management tools
Native client/patch management agents experience a 56 percent failure rate
Public funding dollars are largely wasted on ineffective and decaying endpoint security controls.
More than one third (38 percent) of endpoint agents require at least one repair monthly
An average of 9 devices per day experience encryption agent failure (per school, where encryption is in place)
Half (50 percent) of failing encryption agents fail more than 25 times per month
A full version of the report, “Cybersecurity and Education: The State of the Digital District in 2020,” is available for download here. Absolute will also share the findings of the report during a live webinar, “Five Steps to Safeguarding Your Digital District,” on Thursday, October 24th at 10 am PT / 1 pm ET. Register for the webinar here.
For more information about Absolute, and how the company is delivering visibility, control, and resilience to thousands of education customers worldwide, visit www.absolute.com.
This report leverages data from 3.2 million devices containing Absolute’s endpoint platform, active in 1,200 K-12 organizations across North America (U.S. and Canada). Absolute is committed to customer and student privacy and data protection — only anonymized, de-identified data was used in this study.
Absolute serves as the industry benchmark for Endpoint Resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with Self-Healing Endpoint® security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required to support the modern enterprise. For the latest information, visit www.absolute.com and follow us on LinkedIn or Twitter.