As student start to head back to school and return to classes, Americans are worried that schools and universities are vulnerable to a cyber attack —and research suggests they are likely correct.
Cyber security and application delivery firm Radware conducted a study of 1,000 Americans via SurveyMonkey to determine the perception of cyber security practices in schools and universities. The survey found that while most Americans are not aware of a cyber attack against a school, many fear that one could easily be conducted—even by a student.
Seventy-six percent of respondents said they have not heard of a school being the target of a cyber attack, though such attacks have unquestionably occurred—including attacks on schools in Miami and San Diego earlier this year.
When asked how confident they were that they or their children could be protected against a cyber attack against a school, the majority of responded with a confidence level of three or less on a scale of five. Just 33 percent responded with a confidence level of four or five.
Additionally, nearly half of all those surveyed—48 percent—said they have never received cyber security tips or advice for protecting personal information from their school. Just over one in ten respondents said they receive such tips from their school on a monthly basis or more often.
Whiles schools may not be educating parents or students on best practices for cyber security, the survey found many believe students have the technical knowhow to commit a cyber attack against their own school.
Fifteen percent of respondents believed a student in grades 1-6 could disrupt a school’s operations via a cyber attack. A majority of those surveyed believed a high schooler could carry out such an attack somewhat easily or very easily, while two in three people believed an undergraduate student could take down their school’s network.
The risks suggested by the respondents are anything but hypothetical. According to Radware’s Global Application and Network Security Report, schools have security budgets that are 50 percent lower than those for financial institutions or government organizations and 70 percent lower than those of telecommunications or retail companies.
This creates a problem for students as well as parents, who regularly share important, personal information with their schools and universities—from contact information to medical data and of course grades and other information related to in-school performance and activities.
Radware found that schools estimate the cost of an attack to be just $200,000 compared to more than double that for financial firms, four times as much for retailers, and five times as high for healthcare and government organizations.
The concerns about students launching attacks against their schools was also borne out by Radware’s researcher. Nearly one in three attackers, 31 percent, that target schools are disgruntled users or students—a much higher percent than the rate in other industries.
While most Americans may be unaware of cyber attacks against schools, a majority of institutions have reported being hit by some form of attack. Fifty-seven percent reported being affected by malware, a similar percent were attacked through phishing or social engineering and 46 percent experience a ransomware attack.
Despite this, 44 percent of schools reported not having an emergency response plan.