Kids are making a mark in the U.K.’s cybersecurity arena, and not in the way their parents want them to. According to the country’s Information Commissioner’s Office (ICO), students were behind more than half of personal data breaches in schools.
In a warning to teachers and educational institutions, the ICO outlined its analysis of 215 data breach reports resulting from security incidents originating from inside schools, finding that 57% of the hacks were pulled off by students.
Nearly a third of the breaches were made possible because students guessed commonly used passwords, or just found login details written down, per the ICO.
The ICO did say, however, that a small number of incidents (5%) required more sophisticated techniques to bypass security and network controls. The regulator gave an example of how three Year 11 students hacked into a school’s student information system using tools to break passwords and bypass security protocols; two of the students even confessed to being part of a hacking forum.
“Children are hacking into their schools’ computer systems – and it may set them up for a life of cyber crime,” the report reads.
The warning goes on to say that dares, notoriety, money, revenge, and rivalries are among the reasons kids say they hack into systems.
“What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure,” Heather Toomey, principal cyber specialist at the ICO, said in a statement.
The report shone more light on how these breaches happened: nearly a quarter of the data breaches took advantage of weak data protection practices like teachers letting students use their devices; 20% of the hacks were caused by staff using personal devices for work; and 17% of breaches happened due to improper access control for systems like Microsoft SharePoint.
Calling its findings “worrying,” the ICO urged schools to help address these issues by refreshing GDPR training, improving cybersecurity and data protection practices, and reporting breaches on time.