Invest in Security Resources to Proactively Avoid Cyberattacks
If increasing, high-profile ransomware attacks didn’t emphasize the need for stronger cybersecurity measures, cyber insurance requirements did. However, in a panel discussion Tuesday called “Identifying the Risks and Challenges of Cybersecurity,” hosted by CDW Education’s Professional Development Manager Ari Flewelling, speakers discussed why, often, meeting insurance requirements alone isn’t enough.
“There’s a difference between a checkmark in an audit box and mitigating risk,” said panelist Steven Allison, a field CISO at CDW.
It’s better to pay for a more comprehensive security solution because, while it might be more expensive, it won’t be nearly as costly as a successful cyberattack. If there is a breach, the money will be there. “It takes the incident to create the incident-based spending,” Allison said, but IT departments can try to get that money for prevention.
School districts can also stretch their cybersecurity budgets by bringing in security consultants instead of hiring full-time staff. Many districts are finding it difficult to fill vacant security positions because K–12 institutions can’t pay these specialists as much as the private sector can. However, bringing in a part-time virtual CISO or other security consultant can give districts an expert’s perspective without busting the budget.
REVIEW: Read about the IT leadership and newest technologies at the CITE 2022 conference.
Educate Stakeholders on Cybersecurity Risks and Solutions
Acquiring the necessary funding up front for cybersecurity is often a matter of getting the right stakeholders to understand the risks cyberattacks pose.
“There needs to be support from the top,” said Jon Carrino, director of technology services at William S. Hart Union High School District. “When resources aren’t available because there’s no support from the school board or superintendents, those initiatives become impossible.”
One challenge is that, frequently, board members, superintendents and other administrators don’t have an IT background. This makes it more difficult to convey the importance of proactively mitigating risks.
“Make sure you’re able to communicate the ‘why,’” said Brandon Weber, IT director for the Lancaster School District, adding that it can be helpful to collaborate with the teacher’s union and its leaders. “If they’re on your side, things go far more smoothly.”