Before this new school year started, the Hartford Union High School District in Wisconsin wanted to hire a tech expert to oversee the district’s network.
But a well-qualified candidate, who had been working for a healthcare company, wanted $20,000 more in salary than the district was willing to pay.
“It took my breath away” says Nate Mielke, the district’s director of technology services.
It’s a common situation—districts try to get candidates with the best skills to ensure a robust cybersecurity program, but can’t pay competitive salaries for such skills.
Ensuring staff keeps up with new skills is one of four main new cybersecurity trends that Gartner, the research firm that provides IT-related insight for businesses, just revealed in a new report.
During the Gartner Security & Risk Management Summit 2017 this past summer, analyst Earl Perkins, research vice president, explained the following top trends:
Skills and organization change
Changes in cybersecurity will require that employees have new skills in data science and analytics, Perkins says.
As Mielke points out, he couldn’t afford the very qualified candidate for the network job. So he recruits those with potential. “We need to find someone who embraces lifelong learning, and those individuals who are interested enough to build these skills while they are with us” he says.
Cloud security becomes priority
As the cloud environment reaches maturity, it’s becoming a security target, Perkins says. So districts should develop security guidelines for private and public cloud use.
Mielke suggests that district leaders give as restricted access as possible to avoid carte blanche access. And districts need baseline best practices.
For example, with the student information system, the district’s special education director needs access to all the special ed and student IEP data, but the curriculum director doesn’t need that same access, Mielke says.
Shift focus to prediction
Adapt the security setup to focus on detection, response and remediation, Perkins states. “The truth is, you won’t be able to stop every threat and you need to get over it” he adds.
Mielke says his district has network software that monitors all traffic moving in and out of access points to ensure a healthy system.
His system might not be able to avoid a DDoS attack, for example, but once the attack occurs, Mielke says it’s key for his IT staff to have critical thinking skills, such as talking to the internet provider staff and being calm to work through it. “Your killer app is relationships” he says.
Other than that, Mielke says, districts would need to pay a cloud service, which lives in a separate location from the district server, that scrubs all the data coming in to ensure a security attack doesn’t happen. But it’s cost prohibitive for some—costing thousands of dollars a month, he adds.
Reliability drives next generation
Safety, reliability and privacy are also part of cybersecurity, Perkins states.
Simple practices, such as teaching users to create complicated passwords and watching out for suspicious emails, are skills that can go a long way in protecting data and people, Mielke says.
Angela Pascopella is managing editor.
