Half of US schools did not implement cybersecurity protection following shift to remote working

A survey by Malwarebytes revealed that many US schools left staff and students unprotected when COVID-19 forced the sector to move online

More than 50% of US schools failed to implement new cybersecurity training and tools following the shift to remote teaching and learning, a Malwarebytes survey revealed.

The report, titled Lessons learned: how education coped in the shift to distance learning, details the state of cybersecurity protection across the sector during the ongoing coronavirus pandemic. It shows that, on top of a lack significant training relevant to the new remote working environment, there are clear and considerable discrepancies between students and IT decision-makers when it comes to threatening experiences such as cyber-attacks.

“Students during the pandemic are struggling with digital access, engagement and a severe sense of isolation” – Marcin Kleczynski, Malwarebytes

Marcin Kleczynski, CEO of Malwarebytes, commented: “Students during the pandemic are struggling with digital access, engagement and a severe sense of isolation. Cybersecurity should be the least of their concerns, and yet, it’s concerning to find that nearly half of educational institutions show a lack of preparedness.”

The report shows that cybersecurity preparation made a substantial difference to a school’s ability to weather a cybersecurity event. Those who participated in cybersecurity best practices before the move to remote working, for example, did not fall victim to a cyber-attack, and none had to cancel a single day of distance learning due to the impact of a cyber-attack. Overall, 18% of the more prepared institutions said “teachers or students have suffered a Zoom-bombing attack”, compared to 29% of general respondents.

On top of this, the report shines a light on various inconsistencies in the perceived experiences of IT decision-makers and students; for example, a surprisingly low number (3%) of IT professionals in education said their school had been targeted by a cyber-attack, while just under half (46%) of student respondents claimed their school had fallen victim. This is concerning because, as students consider their choices for further education, a considerable majority (61%) say that a cyber breach contributed to a lack of trust in their school.

Other key findings include:

  • 71% of schools deployed new software needed for distance learning, such as Zoom, Remind and Google Classroom
  • When preparing for the new school year, 31% of schools admitted to being unable to provide for all teachers, administrators and staff members while working remotely, and 45% of schools couldn’t provide the devices necessary to ensure every student had equal access to education
  • As distance learning wages on, the device shortage continues:
    • 28% of IT respondents said their schools are missing laptops, computers or tablets for teachers
    • 40% were missing these same tools for students and parents
    • 39% worry that teachers and students are too quickly using up the data on school-provided WiFi hotspots
  • 51% of IT decision-makers say that no one (students, staff or faculty) was required to enrol in cybersecurity training before the new school year began
  • 47% of IT decision-makers said their schools developed “no additional requirements” (meaning cybersecurity training or antivirus tool installations) for students, faculty or staff who connected to the school’s network

Kleczynski added: “It is essential that schools – and all organisations – stop viewing cybersecurity as an afterthought; protecting our students and their data online should be a top priority for educators.”

In related news: New cyber threat report forecasts 2021 to be the ‘year of extortion’


Leave a Reply


The Role of Testing within Digital Transformations

Wednesday, January 26, 11AM (GMT)