Data collection is a vital resource for educational institutions across the world, including student records, which contain highly sensitive material such as a student’s name, address and social security number, and often test scores, behavioral assessments, personal health data and more.
Research project data at leading universities is a ripe target for cyber criminals and nation states. The 2018 Education Cybersecurity Report shows that out of 17 industries in the U.S., education ranks last in terms of overall cybersecurity posture.
SecurityScorecard analyzed 2393 organizations with a footprint of 100 IP addresses or more in the education industry, from April 2018 to October 2018.
“The lack of resources and attention to cybersecurity in schools and universities should be a cause for serious concern among students, parents, school boards, and the education industry as a whole,” said Sam Kassoumeh, COO of SecurityScorecard. “Schools collect an incredible and vastly increasing amount of personal data about students. At the same time research universities house valuable IP. Securing these networks and protecting this information is essential to protect the future of innovation and privacy.”
Researchers found the Education category performed poorly in three key areas: application security, patching cadence and network security.
As more schools rely on educational technology and software solutions for testing and metrics, substantial risks come into view. Application software vulnerabilities represent a top target for hackers, and educators’ reliance on these technologies is one of the most significant data breach risks.
Despite school IT departments recognizing the importance of a rapid patching cadence, updates are often scheduled when systems are inactive. A slow patching cadence or late patch installation, open systems up to unauthorized users.
Networks are indispensable to access classroom materials and resources as they incorporate more laptops and tablets than curricular tools. As more students use cloud services to connect to work between the home and the classroom, the education sector needs to focus on business continuity of network security. Network security issues plague the education industry as it stands on the brink of becoming the next major attack target.
“A cybersecurity plan for schools should reflect a holistic approach to student data protection and visibility across the education systems’ vendor ecosystem to assess risk,” continued Kassoumeh.