Educational institutions are where we shape our knowledge in preparation for our adulthood. For every field of study, time needs to be spent in a curriculum designed in order to maximize learning opportunities, or that should be the case. In the field of IT, especially in cybersecurity, no school or a University can claim that their graduates become experts of the field of their choice after the commencement exercises. However, the curriculum should be adequate to somehow point the student to the correct direction what specialization to take using their free time, as experts in IT are usually self-taught individuals.
The real big concern is not the students who may not have an adequate knowledge after leaving the college or university, but rather the capabilities of these institutions to have a credible cybersecurity arrangement. Funded privately for private schools, universities and colleges or government funded state educational institution, most of them neglect the reality that Internet connection is a channel open for infiltration if not defended well.
In 2018 alone, we heard stories of hacking involving schools, their students and their teachers. Way back in May 2018, a school’s network facility (Bloomfield Hills High School in Andover, Michigan) has been infiltrated with the end goal of changing the grades of some students and unauthorized transfering of funds as cash allowance for meals. Another incident on the same month involved W.S. Neal High School in East Brewton, Alabama, which cannot determine who will be the batch valedictorian and salutatorian as the grades were remotely manipulated. To the horror of the investigators, the same grade manipulation through the use of unauthorized access to the school’s computers has been happening since 2016.
Another similar case of highschool hacking was the story of 16 years old student studying in Ygnacio Valley High School in Concord. The school pressed-on with the charges, and the teen was charged for 14 counts of unauthorized use of network through phishing. He gained unauthorized access to the school’s servers through a clever social engineering technique; he gave himself high grades while manipulated the grades of his classmates.
These three incidents were not isolated cases, in fact in July 2018, an 18-year old geeky student in Nebraska is serving as the school’s unofficial white hat hacker, who reports security issues to the IT admin in exchange for small tokens, like a Subway gift card. He used to hack his school’s computers for the fun of it, but could have chosen to manipulate grades instead. He had this passion with cybersecurity and even received praises as a white hat who helped bounty hunt for Valve, Yahoo and even the U.S. Department of Defense.
As we’ve witnessed, these four incidents were huge cybersecurity issues involving schools in 2018, perpetuated by internal personalities, students. Unless the school administration gets their act together, the risks the school computers will not be minimized, in fact we have not yet even discussed the external threats from professional cybercriminals. The only way to help prevent incidents similar to the above-mentioned case is for establishing a reliable penetration testing for the school’s network and computers. Penetration testing may be expensive at first glance, but white hat hackers performing ethical hacking is much better than falling for malicious cyber attacks both internal and external. Some institutions fail to recover from a damaged brand due to the news about getting hacked, a preventive measure like penetration testing will be a good defense strategy against risks.