IBM on Monday announced the first eight recipients of the 2022 IBM Education Security Preparedness Grants, a package that totals $5 million to schools in six U.S. states, Ireland, and the United Arab Emirates.
Ray Sims, global lead for training and education at IBM Security X-Force, said each school will receive around $500,000. After conducting a gap assessment, Sims said IBM Service Corps will work with the selected schools to deliver services, such as incident response plans, ransomware playbooks, cybersecurity exercises, education and training.
“We will also provide materials to help educate teaching staff and students on cybersecurity safety practices, such as password hygiene and phishing education, based on the schools’ needs,” Sims said.
IBM believes schools can use the support, given that IBM's 2022 Cost of a Data Breach Report found the cost of a data breach averages $3.86 million for education institutions. And, while the report found that 49% of data breaches the industry experienced were caused by a malicious attack, nearly 30% occurred because of human error, emphasizing the need for proper cybersecurity training and education in schools.
John Hellickson, Field CISO and executive advisor at Coalfire, said with the nature of public education being centered on learning and free flow of information, it’s not always feasible to lock down the IT environment like it’s often done at financial institutions. Hellickson said with such openness and often a lack of adequate funding, it makes it easier for cyber criminals to prey on the trusting nature of educators and school administration, which can lead to ransomware attacks that can bring down entire IT infrastructures.
“The recipients of these grants for IBM's services get the benefit of having industry experts assist in developing a cybersecurity plan, getting a jump start on improving their overall security posture and have a better chance of combating the threats schools across the world face today,” said Hellickson.
Timothy Morris, chief security advisor, AMER at Tanium, said much like healthcare, the education vertical has emerged as a high-value target that’s increasingly under fire based on the reams of personally identifiable information held. However, Morris said while the healthcare industry has an abundance of resources and funding to combat and thwart sophisticated cyberattacks, education has been the polar opposite.
“Overcoming this ‘security gap’ in education will take a monumental effort among public and private entities to be successful,” Morris said. “It’s encouraging to see IBM make such a significant investment with a commitment to help level the playing field for education when it comes to cybersecurity.”
Keenan Skelly, chief executive officer at Shyfted Studios, added that IBM’s program is exactly the kind support and grant spending big tech needs to invest in.
“It’s not just about protecting the students, it’s also about creating a culture of cybersecurity awareness and understanding in the K-12 space, including teachers, administrators, school boards, and parents,” Skelly said. “This is something every company with the means should consider!”