Children in the U.K. are increasingly engaging in cybersecurity incidents within educational institutions, surprising many parents. The Information Commissioner’s Office (ICO) reports that students are responsible for over half of data breaches in schools.
According to an ICO analysis based on 215 incident reports, 57% of these breaches stem from activities carried out by students themselves. This internal threat is a significant concern for educators and administrators.
The ICO highlighted that nearly one-third of the breaches were facilitated by students guessing commonly used passwords or locating written login information. This behavior underscores a disturbing trend where students exploit easily accessible security weaknesses in their school’s cybersecurity posture.
While the ICO noted that a small fraction of breaches (5%) involved more sophisticated techniques, one notable incident involved three Year 11 students who used hacking tools to access their school’s information system. Evidence surfaced that two of these individuals were active participants in a hacking forum, indicating a deeper engagement with cybercriminal activities.
The ICO report indicates that the motivations behind these actions vary, driven by factors such as the desire for fame, financial gain, revenge, or peer challenges. “What begins as a playful challenge in school can escalate into serious breaches affecting organizations and critical infrastructures,” stated Heather Toomey, principal cyber specialist at the ICO.
Further analysis revealed that nearly a quarter of these breaches exploited weak data protection protocols, including instances where teachers permitted students to use personal devices for schoolwork. Additionally, 20% of incidents were tied to the use of staff personal devices for work-related activities, while 17% stemmed from inadequate access controls in systems like Microsoft SharePoint.
The ICO described its findings as “alarming,” urging educational institutions to strengthen cybersecurity measures, including enhanced GDPR training and improved data protection practices. Timely reporting of breaches was also emphasized as a crucial step in addressing these vulnerabilities.
In the context of MITRE ATT&CK, tactics such as initial access through credential dumping and exploitation of weak passwords, along with techniques for privilege escalation and persistence, are relevant to understanding how these breaches occurred. Educational institutions must become more vigilant in their cybersecurity strategies to mitigate the risks posed by these insider threats.
