Feature-Why-Improving-Cybersecurity (1)

Why Improving Cybersecurity in Education Is an Essential Goal

March 22, 2022 - Revolutionized Team

Revolutionized is reader-supported. When you buy through links on our site, we may earn an affiliate commision. Learn more here.

When people discuss improvements to systems and organizations for learners, they often bring up things like teacher quality and curriculum content. Those things matter, but it’s becoming vital to pay more attention to cybersecurity in education. Otherwise, school districts and educational facilities could become crippled by devastating effects that harm students, parents, educators and administrators. 

Cyberattacks Increasing in the Education Sector

Cybercriminals regularly update their attack methods and try to orchestrate incidents that are as damaging and widespread as possible for their victims. School districts and educational facilities are prime targets. That’s especially true considering their high reliance on the internet, whether for lesson planning, exam administration, grading or other high-priority tasks. 

A Check Point Research report tracked the change in online attacks against schools during 2021. One of the most alarming findings was a 29% increase in July 2021 compared to the first half of the year. The jump resulted in an average of 1,739 attacks per education organization every week.

Another sobering point is that a single cyberattack on a service provider relied on by the education sector could affect thousands of entities. That happened recently due to a ransomware attack on Finalsite. The company works with 8,000 schools and colleges in more than 100 nations. The ransomware attack affected operations at 3,000 K-12 schools in the United States. 

Cybercriminals want to have the maximum effects with their attacks. One way to do that is to target service providers that assist essential sectors. Thus, making progress with cybersecurity in education is not the only aim today’s society should have. It’s also necessary to tighten defenses for industries like health care and transportation. 

Poor Cybersecurity in Education Could Raise Identity Theft Risks

Any parent who has a child in school or will send one there soon knows the amount of paperwork involved. A school file likely contains a combination of personal information and history at that institution or others. Hackers may attempt to use stolen files in identity theft. That’s a topic most often brought up as a concern for adults, but it’s a threat to kids, too. 

Statistics indicate that more than 1.3 million children become identity theft victims each year. Half of those are youngsters under six. If the parents don’t spot and address the problem quickly enough, it could make it more difficult for the affected people to do things like buy houses or get loans as adults. 

This issue also has another connection to cybersecurity in education. Attackers won’t necessarily stop at locking down systems and demanding money to have access restored during a ransomware attack. They’re now increasingly likely to engage in double extortion attacks. 

These occur when a perpetrator both disables access and steals data. Then, if victims don’t pay, the attackers leak the information they took. It’s also worth noting that giving the ransom doesn’t always get the desired results anyway. One study found that complete data recovery occurred in only 29% of cases once people paid. Although, the majority of the affected parties (56%) did opt to pay and hoped for the best. 

A double-extortion attack was apparently to blame during a 2020 attack on a Nevada school district. Employees could not access most of their organizations’ files and systems, though online learning platforms continued working. Later, after the school district refused to cave to ransom demands, students’ personal information appeared in an underground forum. 

Many Schools Lack the Resources to Enhance Cybersecurity in Education

It’s not enough to state that an education system intends to boost its cybersecurity. People with decision-making power must back up that declaration with tangible resources, such as a bigger budget for internet security-related defenses or approvals to hire more experts. 

A SolarWinds report examined some of the most pressing cybersecurity matters for the public sector, including educational institutions. When asked to describe the obstacles to detecting and fixing cyber incidents, 40% of respondents said their IT teams lacked training. Then, 37% cited a lack of funding and other resources. 

An expanding security perimeter due to more employees working remotely or in hybrid arrangements was the third most common issue, with 32% of people mentioning it. The COVID-19 pandemic was almost certainly another complicating factor that cut into resources and left some schools scrambling to make the best of difficult situations. 

A 2020 report showed that cybersecurity in education was still a major concern during the pandemic. In the first quarter of the year, there were 49 individual attacks. That figure rose to 67 in the second quarter, before reaching a yearly high of 160 in the next quarter. It fell slightly in the final quarter, totaling 132 incidents. 

It’s not surprising that cyberattackers ramped up their efforts through much of 2020. As the earlier study showed, many schools were already wrestling with the difficulties of budgetary shortcomings. Those almost certainly become more pronounced as the organizations had to figure out how to move learning primarily online. The associated expenses became unexpected but essential costs, ensuring learning could still happen during a global public health threat. 

Further Education More Affected Than K-12

Making concentrated efforts to enhance cybersecurity in education is important for organizations teaching students at all levels. However, a 2021 study from United Kingdom government officials suggests further-education institutions are at an elevated risk compared to organizations for K-12 students.  

In the United Kingdom, government bodies fund further-education institutions. These locations help students learn job-specific skills and qualifications, plus earn diplomas. Some even offer bachelor-level degrees. 

Half of the study’s further-education respondents reported dealing with at least three breaches or attacks over the last 12 months. That was compared to only 13% of all businesses. Then, 26% of further-education locations reported suffering cyberattacks weekly. That was true for 6% of primary schools and 15% of secondary schools. Not surprisingly, 74% of further-education facilities reported negative outcomes from cyberattacks. That figure stood regardless of if the institutions had resultant material losses. 

In 58% of those cases, the affected organizations adopted new cybersecurity policies following incidents. Then, 56% juggled staff resources to cope with the issues.  

Skill Development Supports Cybersecurity in Education

The statistics discussed here and elsewhere highlight how the education sector must take cybersecurity seriously. Failing to do so could result in disastrous and long-lasting consequences. The tricky reality is that there’s no universally best strategy for helping the education sector prepare for future cyberattacks. However, some organizations seek to do that by giving people relevant and critical skills. 

A recent example from a branch of the Arkansas Department of Education gives teachers cybersecurity training. More specifically, up to 60 participants will get free tuition for a graduate-level program. 

At Arizona State University, decision-makers combined two previously separate cybersecurity organizations at the campus into one. The new group will tackle online security through research, education and upskilling. 

Adam Doupé is the new center’s director. He explained, “We make a deliberate effort to bring our cutting-edge cybersecurity research into the classroom, and we find that the connection also goes the other way: research ideas can, and do, spring forth from education.” Some initiatives centering on cybersecurity in education encourage students to change their habits.

In Oklahoma, Tulsa Public Schools partnered with the University of Tulsa to give high-schoolers college credit for a cybersecurity course. Michael Kelley, a junior in the class, said, “I just think that it’s super important for the world that’s going digital. We have, like, a lot of people that are getting more involved with the internet.” He learned new skills, including better password hygiene. Kelley even encouraged some family members to follow his lead. 

Supporting Cybersecurity in Education at an Individual Level

Even people not employed in the educational sector or attending classes in it still have good reasons to help the industry strengthen its cybersecurity. After all, virtually everyone knows people within it. Plus, individuals who consider their formal education years behind them may eventually attend classes again. It might happen due to personal desires for career changes or perhaps because more workplaces require getting certain qualifications. 

Those interested in this topic should stay abreast of what their local school districts and higher-education institutions do to bolster their cybersecurity. Then, find out if there are ways to facilitate those efforts. For example, state legislators might prioritize cybersecurity. Then, hearing from constituents about what matters could urge them to act more decisively. 

However, better cybersecurity can also start at home. People who have school-aged kids or young adults attending college can do their part to teach good internet safety skills. Helping people recognize phishing scams, understand the characteristics of strong passwords and know the dangers of using unsecured Wi-Fi networks gives them knowledge to use throughout life.

Revolutionized is reader-supported. When you buy through links on our site, we may earn an affiliate commision. Learn more here.

Author

Revolutionized Team

Leave a Comment