- ICO finds the majority of insider cyber attacks in British schools are caused by students
- Many breaches are linked to weak passwords or stolen logins used by students
- Officials encourage schools and parents to steer curiosity toward legal, positive channels
The Information Commissioner’s Office (ICO) has warned that students are increasingly behind insider cyber attacks in British schools and colleges.
Between January 2022 and August 2024, the ICO analyzed 215 data breach reports from the education sector involving insider threats.
It found that 57% of the events were caused by students. Almost a third came from stolen or guessed login information, with students responsible for 97% of these cases.
Logging in, not breaking in
While Hollywood has portrayed teenage hackers with a degree of glamor in movies such as Ferris Bueller’s Day Off or Hackers, the reality described by the ICO is both more mundane and more devastating.
Children do not break into systems, but rather log in, often by exploiting weak passwords or taking advantage of poor data protection practices.
A case highlighted by the ICO showed how quickly curiosity can turn into a serious breach.
“Three Year 11 students illegally opened a high school’s information management system that contains personal information about more than 1,400 students. When asked, students admitted to being interested in IT and cyber security and that they would test their skills and knowledge. The students used tools that were downloaded from the Internet to break passwords and security protocols, ‘Forum.”
In another example from the ICO:
“A student illegally accessed a university’s information management system, then viewed, changed or deleted personal information belonging to more than 9,000 employees, students and applicants. The system stored personal information such as name and home address, school posts, health data, protection and pastoral logs and emergency contacts. to the fact that we and they had scams.”
The ICO found that 23% of the incidents in the education sector were caused by poor data protection practices, such as staff accessing items without a legitimate need, leaving devices unattended, or allowing students to use staff devices.
Another 20% involved staff sending data to personal accounts, while 17% came from poorly configured access rights.
5% involved insiders who consciously deal with network security.
“While educational settings are experiencing a large number of cyber attacks, there is still growing evidence that ‘insider threat’ is poorly understood, largely non -ulemper and can lead to future risk of injury and crime,” said Heather Toomey, principal cyber specialist.
“What starts as a dare, a challenge, a little fun in a school setting can ultimately lead to children participating in harmful attacks on organizations or critical infrastructure.”
The ICO encourages schools to strengthen training, reduce unnecessary access and ensure that data protection is updated regularly.
Parents are also encouraged to talk openly with their children about online behavior, with the aim of steering curiosity toward positive channels rather than criminal activity.
“It is important that we understand the next generation’s interests and motivations in the online world to ensure that children remain on the right side of the law and progress to rewarding careers in a sector in constant need of specialists,” Toomey concluded.



