Yes, you read that right. When asked how easy they thought it would be for a student in grades 1-6 to hack a school, 15 percent of respondents said it was either somewhat easy (6 percent) or very easy (9 percent). The numbers rise with age. Some 57 percent think a high school student could easily hack a school, and 63 percent think an undergraduate would have no problem. These responses were part of a survey of 1,000 Americans conducted by SurveyMonkey on behalf of Radware.
Perhaps part of the reason Americans think it is so easy for students to hack a school is that they do not have any idea whether schools are equipped to defend themselves. When asked to grade schools on their ability to protect students’ personal information, privacy, and safety, 45 percent simply selected “I don’t know” instead of assigning a letter grade.
That perceived lack of competence in protecting privacy could stem from personal experiences with school communications. Respondents reported that schools often aren’t educating students on how to better secure themselves online. Nearly half (48 percent) said they had never received communications from a school containing cyber-security tips or counsel on protecting themselves, students, and devices.
Still, 76 percent of respondents said they were not aware of any schools or universities being affected by a cyber-attack, despite countless examples reported in the news.
Of course schools are often victims of cyber-attacks, in large part because they’re more vulnerable than the typical organization. According to Radware’s Global Application and Network Security Report, the education sector is among the least ready of any industry to withstand a cyber-attack.
Schools’ security budgets are 50 percent lower than those in financial or government organizations, and 70 percent lower than in telecom and retail. Of course that may be because schools estimate the cost of an attack at only $200,000, a fraction of the $500,000 expected by financial firms, the $800,000 by retailers, and the $1 million price tag foreseen by health care, government, and tech organizations.
But the relatively low estimated cost of an attack doesn’t mean attacks are any less disruptive. Nearly a third (31 percent) of attacks against schools are from angry users, a percentage far higher than in other industries. Some 57 percent of schools are hit with malware, the same percentage are victims of social engineering, and 46 percent have experienced ransom attacks.
Yet 44 percent of schools don’t have an emergency response plan.
As the new school year begins, and cyber-attacks inevitably delay class registration, expose students’ personal data, and disrupt online testing, schools and universities should not only revisit their cyber-security budgets, but do a better job of communicating with parents, students, faculty, and staff about staying safe.
And if grade-schoolers are hacking their schools, their parents and teachers might want to pay closer attention to how they’re spending time online.