Survey: Third-Party Security Risks a Challenge in Education

A recent survey from the Texas-based tech company SecureLink found that many educational institutions are doing little to manage or monitor third-party vendors with access to student data and networks.

According to the report, 45 percent of IT staff said they have a process to identify all third parties that access their organization's most sensitive data. The research, conducted by Ponemon Institute, surveyed 632 IT security professionals across industries such as education, health care and manufacturing, among other sectors. Half of every industry surveyed also called the managing of third-party security "overwhelming and a drain on internal resources."

Among other findings in education, more than 40 percent said their organization has experienced a cyber attack or data breach, with 2 percent marking “unsure.” Over half of respondents said cyber attacks did not result in changes to their third-party security protocols.

Overall, 50 percent of respondents said they don't rate their organizations as "highly effective" in mitigating remote access risks, with 54 percent saying they have experienced a cyber attack in the last 12 months.

The report noted that workforce trends keeping IT departments understaffed are one factor playing into this lack of security, shown across industries. Overall, the report said, “organizations are barely treading water when it comes to staying safe and secure” in the face of an increase in cyber attacks such as ransomware against K-12 and higher education networks during COVID-19.

“To maintain a strong security posture, you need staff who are equipped to manage it, which is why so many participants indicated they need in-house expertise,” the report said. “But when hiring, training and retaining skilled personnel is a roadblock in itself, organizations will start to look elsewhere.”