Many Kansas school districts never scan for vulnerabilities, auditor finds
A significant number of school districts in Kansas are not secure from cyber threats, according to a report published Tuesday by the state auditor’s office.
Out of 147 school districts — just over half of Kansas’ 286 districts — that responded to a voluntary survey about cybersecurity practices, 35% reported that they never scan their computer systems for vulnerabilities, and 58% have never required their staff to undergo cybersecurity training. The report concluded that 69% of districts have no incident response plan in the event that a cybersecurity attack is successful.
Cyberattacks on schools rose by 18% in 2020 according to the K-12 Cybersecurity Resource Center.
The lack of basic IT security controls among districts led the auditor’s office to recommend that the Kansas legislature take action to introduce minimum security standards in schools. Kansas Education Commissioner Randy Watson, however, said in a written response to the report that forcing schools to implement minimum security standards “would be a significant undertaking and is not possible with the current level of IT staffing.”
“The IT team at KSDE was established and has been staffed to only meet the data collection and management needs of the Department, rather than school districts,” Watson said.