- ICO finds the majority of initiate cyber attacks in British schools caused by students
- Many violations related to low passwords or stolen connections operated by students
- Managers urge schools and parents to guide curiosity in the legal legal channels
The Office of the Information Commissioner (ICO) warned that students are increasingly behind the initiate cyber attacks in British schools and colleges.
Between January 2022 and August 2024, ICO analyzed 215 data violation reports in the education sector involving threats of initiates.
He found that 57% of incidents were caused by students. Nearly a third party came from stolen or devined connection details, with students responsible for 97% of these cases.
Connect, do not break
While Hollywood has portrayed adolescent hackers with a degree of glamor in films such as Ferris Bueller’s leave day Or PiratesThe reality described by ICO is both more banal and more damaging.
Children do not enter systems but do not connect, often by exploiting low passwords or taking advantage of bad data protection practices.
A case highlighted by ICO has shown how speed can be curiosity in a serious violation.
“Students of the three years 11 illegally reached the information management system for a secondary school, which contains personal information of more than 1,400 students. When questioned, students admitted have been interested in IT and cybersecurity, and they wanted to test their skills and knowledge. Students used tools downloaded from the Internet to break passwords and safety protectors, with two of the students admitting that they belong to a pirate of words online. ”.
In another example of ICO:
“A student illegally accessed a college information management system, then consulted, modified or deleted personal information belonging to more than 9,000 employees, students and candidates. The system has stored personal information such as the name and the reception scheme, school records, health data, backup and connection by the college.
The ICO noted that 23% of the incidents in the education sector were caused by bad data protection practices, such as staff accessing files without legitimate need, leaving unattended devices or allowing students to use staff devices.
Another 20% involved personnel sending data to personal accounts, while 17% come from poorly configured access rights.
5% involved the initiates to deliberately bypass network security.
“While education circles are experiencing a large number of cyber attacks, there is still proof that is increasingly” threat of initiates “is poorly understood, largely without problem and can lead to a future risk of damage and crime,” said Heather Toomey, cyber-specialist.
“What starts as a challenge, a challenge, a little pleasure in the school environment can ultimately lead children to participate in prejudicial attacks against organizations or critical infrastructure.”
The ICO urges schools to strengthen training, reduce unnecessary access and guarantee that data protection is updated regularly.
Parents are also encouraged to speak openly with their children about online behavior, with the aim of directing curiosity in positive channels rather than criminal activities.
“It is important that we understand the interests and motivations of the next generation in the world online to guarantee that children remain on the right side of the law and progress in enriching careers in a sector in a constant need for specialists,” concluded Toomey.
