Cyber attacks account for more than half of all incidents in education–all the more reason why school network security should be a top priority for IT leaders, according to a new report.

Education is still one of the sectors most at-risk for data breaches, as the Verizon 2019 Data Breach Investigations Report details.

“Education continues to be plagued by errors, social engineering, and inadequately secured email credentials,” it notes. “With regard to incidents, DoS attacks account for over half of all incidents in education.”

Of 382 incidents, 99 came with confirmed data disclosure. When known, the motives behind security breaches are largely financial (80 percent), followed by espionage (11 percent), for fun (4 percent), due to a grudge (2 percent), and upholding an ideology (2 percent). More than half (57 percent) of threats are external, and 45 percent are internal.

Patterns in school network security

Miscellaneous errors, web application attacks, and “everything else” represent 80 percent of breaches.

Miscellaneous errors (35 percent) happen because people are human and mistakes happen. Most of these errors are misdelivery and publishing errors.

Web application attacks (around 25 percent) mostly occur due to the frequent compromise of cloud-based email services via phishing links to phony login pages. Users should consider creating more secure passwords or using two-factor authentification.

“Everything else” is akin to a lost and found bin, containing frequently-encountered incident types that don’t fit into other patterns.

3 considerations for school network security

Many breaches in education are a result of poor security practices and little or no attention to detail. Cleaning up human error as much as possible is the first step, then school IT leaders should establish a baseline level of security around internet-facing assets like web servers.

Universities that partner up with major tech companies or that run policy institutes or research centers are more likely to be targeted than school districts. School IT leaders should understand the data they have and the kind of outfit or group most likely to seek it out.

There will always be threats–phishing and general email security, Ransomware, and DoS are all potential issues. IT teams should know how to respond to these threats. The topics aren’t necessarily new, but they’re still causing issues.

Balancing access to educational resources with security needs remains a top challenge for school district IT leaders, according to December 2018 findings from the Speak Up Research Project for Digital Learning.

Seventy-one percent of district administrators and IT leaders are concerned about the security of their network against malicious attacks or misbehavior, as outlined in the data.

Fifty-five percent of IT and tech leaders in urban districts identify “safeguards to protect privacy of digital student data” as a top requirement when planning for new digital initiatives.

Laura Ascione
About the Author:

Laura Ascione

Laura Ascione is the Managing Editor, Content Services at eSchool Media. She is a graduate of the University of Maryland's prestigious Philip Merrill College of Journalism. Find Laura on Twitter: @eSN_Laura