SecurityScorecard, a New York City-based IT security company, said that the education industry is the worst at cybersecurity compared to 17 major industries, EdScoop reports:
In its 2018 Education Cybersecurity Report, the company found that the education industry is not taking many of the necessary steps to protect students from cyber-vulnerabilities. According to the study, the main areas of cybersecurity weaknesses in education are application security, endpoint security, patching cadence, and network security.
Schools collect sensitive information on every one of their students. Digitizing student data makes it easier for educators to view student information, as well as malicious actors. From health data to academic and financial records, a breached student record can provide malicious actors with a stereoscopic view of a student’s life. According to the report, although hackers are becoming more adept at accessing student and school data, the education industry has failed to keep pace with data protection.
Sam Kassoumeh, chief operating officer and co-founder of SecurityScorecard, said university networks are especially vulnerable to
cyberattacks. “There is a large surface area of exposure at a university. It’s thousands and thousands of devices distributed over a campus,” he said.
Students often use more than one device on campus and in-class — computers, phones, tablets or other “internet of things” devices — that while beneficial, Kassoumeh said, create “a heterogeneous environment, where all of the devices are not secured equally.”
This primarily focuses on higher education, but I doubt that K-12 schools do any better. I suspect they are worse.