Kids are getting smarter when it comes to hacking skills according to new research that showed 15% of American people believe students in grades 1-6 (age 6 to 11 years) would find it easy to hack a school.
The numbers rise with age. Some 57% think a high school student could easily hack a school, and 63% think an undergraduate would have no problem. These responses were part of a survey of 1,000 Americans conducted by Radware.
Perhaps part of the reason Americans think it is so easy for students to hack a school is that they do not have any idea whether schools are equipped to defend themselves. When asked to grade schools on their ability to protect students’ personal information, privacy, and safety, 45 % simply selected “I don’t know”.
That perceived lack of competence in protecting privacy could stem from personal experiences with school communications. Respondents reported that schools often aren’t educating students on how to better secure themselves online. Nearly half (48%) said they had never received communications from a school containing cyber-security tips or counsel on protecting themselves, students, and devices.
“This research from the US is certainly food for thought as our children start school this month”, says Andrew Foxcroft, Radware Country Manager & Regional Director UK, Ireland & Nordics. “We are investing more than ever in coding programmes, with students often starting at a very young age. That’s great news for the skills shortage we face but, speaking from personal experience, children aren’t being taught about the ethics and risks of coding, especially the use of open source libraries and reusing other people’s code. There’s a real danger that children could create malicious code, potentially unwittingly, and run into trouble.
And of course, the more we talk about ethical hacking at an early stage, the more children will see there is a definite and lucrative career path – companies are keen to employ skilled hackers who can help shape their security strategy.”
We are investing more than ever in coding programmes, with students often starting at a very young age. That’s great news for the skills shortage we face but, speaking from personal experience, children aren’t being taught about the ethics and risks of coding… – Andrew Foxcroft, Radware
More needs to be done to help parents see the benefits too: “Coding isn’t something parents did at school, nor was it a necessity to think about personal safety on the net, so I know from personal experience, it can feel quite daunting to have a conversation about it with a child. This research highlights that we need to make sure parents are given the right support to talk to children how to stay safe online and spot when things might be going wrong.”
According to Radware’s Global Application and Network Security Report, the education sector is among the least ready of any industry to withstand a cyber attack.
Schools in US and Europe tend to have security budgets that are 50% lower than those in financial or government organisations, and 70% lower than in telecom and retail. Of course, that may be because schools estimate that an attack will only cost them $200,000, a fraction of the $500,000 expected by financial firms, the $800,000 by retailers and the $1 million price tag foreseen by health care, government, and tech organisations.
But the relatively low estimated cost of an attack doesn’t mean attacks are any less disruptive. Nearly a third (31%) of attacks against schools are from angry students or teachers, a %age far higher than in other industries. Some 57% of schools are hit with malware, the same %age are victims of social engineering, and 46% have experienced ransom attacks. Despite this 44% of schools don’t have an emergency response plan.
“Every parent should be concerned about the statistics related to social engineering’” says Andrew. “Children want to be popular and this trait is easy for someone unscrupulous to exploit. It’s not difficult to draw someone in online and get them to share passwords or install malware. Sadly, it could even be a friend that takes advantage – share your Netflix password and it’s very likely you have also handed over the password to a gmail or Instagram account. Parents and teachers need to work together to help students understand the risks so that they stay safe.”
“But as well as keeping children safe from their own actions, schools also have a duty of care to protect the personal data of their students. It’s paramount they defend their networks and review the different scenarios they may face”, adds Andrew. “All it takes is a software flaw as we saw with WannaCry, through to an expelled child buying a hack online for $19. Only when they do this can they assess where the blind spots in their security strategy are and fix them with the right investment and skills.”