VANCOUVER, British Columbia — October 1, 2019 — Absolute (TSX: ABT), the leader in endpoint resilience, today announced the introduction of a new research report titled ”Cybersecurity and Education: The State of the Digital District in 2020,” focused on the state of IT security, staff and student safety, and endpoint device health in K-12 organizations. The report’s findings highlight the crisis the education sector is facing as schools grapple with high levels of risk exposure – driven in large part by complex IT environments and digitally savvy student populations – that have made them a prime target for cybercriminals and ransomware attackers.
The summer months of 2019 saw the number of publicly-disclosed security incidents in K-12 school districts in the U.S. reach 160, exceeding the total number incidents reported in 2018 by 30 percent. In July alone, school districts in New Mexico, Nevada, Louisiana, Oklahoma, Alabama, Connecticut, and New York fell victim to cyber attacks. Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations.
Technology has proliferated the digital campus as K-12 organizations continue to rise to the challenge of modernizing classroom environments and harnessing the power of digital learning; 82 percent of schools now provide students with devices. But, the unstructured growth has created mass complexity for resource-constrained K-12 IT leaders tasked with ensuring the security and privacy of students and staff. The report’s findings emphasize this, revealing that IT leaders are now responsible for collectively managing more than 250 unique OS versions and that 93 percent are managing up to five versions of common applications.
“Today’s education IT leaders have been tasked with a remarkable feat: adopting and deploying modern learning platforms, while also ensuring student safety and privacy and demonstrating ROI on security and technology investments,” said Christy Wyatt, CEO of Absolute. “And this is not something that can be achieved by simply spending more money, especially when that money comes from public funds. The questions they each need to be asking are whether they have the right foundational security measures in place, and whether the controls they have already invested in are working properly. Without the critical elements of a strong and resilient security approach – things like visibility and control – it becomes nearly impossible to protect your students, your data, and your investments.”
Also among the report’s top findings is the number – 319 – of unique web proxy and rogue VPN applications discovered in K-12 environments, as tech savvy students look for ways to bypass security controls. Forty two percent of schools have students using these apps to mask their online activity, jeopardizing not only their own privacy and safety but also opening up the entire school network to malware, ransomware, and other viruses.
Other key insights from the report include:
Modern education environments are more technologically diverse and complex than ever. Across the K-12 organizations studied, we identified:
- More than 250 unique OS versions of Windows, Mac, Linux, and Chrome
- 137,000 unique application versions
- More than 6,400 unique Chrome extensions
Ineffective native management tools, heavily relied on by education IT teams, create significant device management and security challenges.
- More than half of K-12 organizations (53 percent) rely on native client/patch management tools
- Native client/patch management agents experience a 56 percent failure rate
Public funding dollars are largely wasted on ineffective and decaying endpoint security controls.
- More than one third (38 percent) of endpoint agents require at least one repair monthly
- An average of 9 devices per day experience encryption agent failure (per school, where encryption is in place)
- Half (50 percent) of failing encryption agents fail more than 25 times per month
A full version of the report, “Cybersecurity and Education: The State of the Digital District in 2020,” is available for download here. Absolute will also share the findings of the report during a live webinar, “Five Steps to Safeguarding Your Digital District,” on Thursday, October 24th at 10 am PT / 1 pm ET. Register for the webinar here.
For more information about Absolute, and how the company is delivering visibility, control, and resilience to thousands of education customers worldwide, visit www.absolute.com.
Methodology
This report leverages data from 3.2 million devices containing Absolute’s endpoint platform, active in 1,200 K-12 organizations across North America (U.S. and Canada). Absolute is committed to customer and student privacy and data protection — only anonymized, de-identified data was used in this study.