Survey Reveals Top Cybersecurity Issues in Education
“When you look at IAM, there are two levels to that,” Bell says. “First, you have the ability to control access, but more important, it’s the governance side of the house where you’re creating and assigning permission sets to end users.” With analytics from these tools, Bell says, administrators can monitor users’ access and behaviors to identify potential risks — insights they might not have without comprehensive IAM solutions in place.
Staffing Issues Permeate the Cybersecurity Field
Across industries, staffing and training were major concerns for IT and security professionals.
In education, 38 percent of respondents said sufficient understanding of staffing needs is missing from their organizations’ approach to cybersecurity — the most common response on the list. Only 10 percent of respondents considered themselves fully staffed, while 13 percent are severely understaffed, and 40 percent are understaffed but say it could be worse.
Because staffing is an ongoing concern, retention strategies are particularly important. In the education sector, providing opportunities for certification and education was seen as the most effective way to retain IT security staff, with 66 percent of respondents calling it either somewhat or very effective.
LEARN MORE: How a cyber resilience strategy can be key to business success.
“You retain your staff by ensuring that you’re raising their value as a staff member by ensuring they have a broad set of skills and they’re working on high-value tasks,” Hagopian says.
Outsourcing can be another effective way to address staffing concerns, but according to the survey, 38 percent of education respondents do not outsource anything related to IT security.
Education Sector Lags Behind Other Industries in Zero-Trust Adoption
Like cyber resilience, zero trust is a set of tools and strategies that can improve an organization’s security posture, but its implementation varies across industries.
“Organizations are all on a journey, from a zero-trust maturity perspective,” Hagopian says. “And no two organizations are going to be in the same place in terms of what they’re doing or what they have to do to operate in a highly mature state.”
While 42 percent of respondents across industries reported that their organization is in the advanced maturity level when implementing zero-trust initiatives, only 23 percent of education respondents reported the same. Most education respondents (38 percent) said they were in the initial stages of zero-trust maturity, while 18 percent of respondents said they have not started any zero-trust initiatives — double the industrywide total of 9 percent.
READ MORE: Higher ed institutions could benefit from a zero-trust approach to cybersecurity.
Getting executive buy-in is one of the top challenges education institutions face when implementing zero-trust principles, with 44 percent of respondents noting difficulty in that area. Hagopian says this is a common concern outside of the technology implementation aspects of zero trust.
“There are a lot of business challenges and business process changes that have to occur when you’re rolling out a zero-trust program,” she says. “We find that we have to provide a lot of assistance in an advisory and consulting capacity to help organizations more with that business process change, as well as with the change management and communication you have to create internally within the organization to get the proper buy-in from all of the stakeholders that have to get involved.”