Research conducted by the non-profit organisation Jisc, and reported by the BBC, has found that students and staff could be responsible for many of the cyber attacks conducted against schools, as opposed to organised hacking groups.

After examining over 800 attacks across 2017/18, researchers noticed suspicious patterns when it came to the timing of these attacks, with a high concentration focused around term times, and more specifically work hours, before decreasing 'dramatically' for the school holidays. Furthering this suspicion, the security team discovered a few cases where the attacks stopped around 11:30 am before resuming around 1 pm, an indication of staff or students taking their lunch time break.

school insider threat

Despite these findings, Jisc head of security operations - Dr. John Chapman - stated that he 'is sure' that 50% of these attacks were still the result of serious cyber criminals - but making up half of these incidents would still make insider threats a much larger risk than previously believed.

Insider threats are a huge cyber security risk to many businesses - but for the education sector, this usually refers to accidents more than malicious activity. Accidental data breaches are the most common example, referring to any instance of a student, or more likely a staff member, mistakenly leaking confidential information. This can be anything from misplacing a memory stick to sending an email to the wrong recipient. The easiest way to avoid these incidents is to of course train staff on being more vigilant with security measures when it comes to handling private data, but also implementing encryption into outbound services like email - Altinet's email encryption even includes a recall feature, meaning that any mail sent to the wrong person can quickly be reversed.

New Call-to-action

Email Encryption White Paper


However, genuine internal attacks do still happen, with numbers constantly increasing as students become more and more computer savvy. These incidents are usually caused by students trying to cheat the system and alter their grades, with an example from late last year when a New Jersey student hacked into his elite high school's computer system to up his grades enough to get into an Ivy League college.

Again, the most obvious solution for this is education - the more staff and students that are aware of these threats, the less they will go unnoticed. Many of these 'hacks' from students are made easier due to negligent teachers leaving computer screens with private information unattended, or writing down log in details around their desks, because they simply aren't aware that they need to be concerned about individuals inside the school too.

Barracuda Sentinel trains users how to identify suspicious emails and behaviour, as well as stopping the most common attack methods before they can even reach your network.

New Call-to-action

Barracuda Sentinel Free Trial


For more information about the cyber security services offered by Altinet, visit our website.