“Back to School” Should Also Mean “Back to Cybersecurity”
As students from kindergarteners to graduate students return to their campuses, cybersecurity remains a critical concern for all educational institutions. Learning has increasingly migrated online in recent years, multiplying the security risks schools must guard against.
According to Recorded Future’s Allan Liska, cybercriminals have targeted schools at a higher rate in 2023 than in the year previous. Liska stated in July that year-to-date cyberattacks against schools had reached 120, while only 188 such incidents occurred in 2022.
For example, CNN reports that the University of Michigan just went “without full internet access for two days after staff shut the school’s connections down in response to a ‘significant [cyber]security concern.’” Last year, the Los Angeles Unified School District (LAUSD) fell victim to a high-profile cybercrime, as did the New York City Department of Education this year.
Hackers who succeed successfully breach educational databases gain access to incredibly sensitive student information. Aaron Rose of Check Point Software Technologies notes that “Student records could be anything from Social Security numbers, medical data, to anything and everything about them.” The Los Angeles Times (LAT) reports that the LASUD breach implicated an “unspecified number” of state-issued identification numbers and Social Security numbers. Moreover, LAT says that criminals listed 2,000 “student assessment records” on the dark web.
Breaches generally stem from a human error, from which hackers attain their technological endgames. “Constantly training and re-skilling and retraining, you know, people keeping in front of mind that,” Rose says. “We have some of the best technologies to prevent against them. However, the weakest link is always going to be the human being.”
Officials should consider rock-hard cybersecurity as a paramount policy objective in every relevant area. For, in addition to education, the digital world’s criminal inhabitants threaten organizations in most other sectors of society and government.
Nonetheless, many policy makers routinely marginalize cybersecurity concerns that conflict with other priorities, as some bills in Congress would weaken cybersecurity. To enshrine in law a myopic view of economic fairness, many such proposals attempt to excise many essential pro-privacy features that tech companies now offer.
As Rose states, human error will lead invariably to security risks, and policy makers ought not tear down the technological features that mitigate those risks.
David B. McGarry is a policy analyst at the Taxpayers Protection Alliance.
Published on September 6, 2023