Although frequently omitted from conversations about cybersecurity, K-12 schools and institutions of higher education are under assault from so-called hacktivists, computer criminals, and nation-states alike. Educational institutions provide a perfect target because they hold much of the same personal, health, and financial information as in other sectors. Theft of this information can lead to financial ruin, reputational damage, and online abuse for students and faculty. Graduate students and their faculty supervisors conduct research into sensitive technologies that nation-state adversaries might want to steal. Many schools own or lease powerful Internet connections that criminal hackers can repurpose to launch sophisticated attacks on other victims.
These computer systems are often vulnerable to compromise. Academic culture, which values open access to information and encourages students to use mobile devices on school networks, creates an enormous attack surface that can be difficult to monitor and secure. Compounding this dilemma are typical challenges such as overworked staff and strapped budgets.