eWeek Security Watch
Advertisement
Advertisement
May 19, 2009 2:54 PM

Increasing School IT Security Breaches Causing Headaches



Elementary and high school districts are always under pressure from parents, school board members, teachers unions, truant trackers--you name it. My hat's off to district superintendents; this is no job for the faint of heart.

Anyway, there's another headache for these long-suffering folks to ponder: increasing attacks on school IT systems from cyberhackers. And, it turns out, a majority of these misdeeds are being perpetrated by insiders.

In the past year, more than half [55 percent] of all U.S. school districts reported a security breach, up substantially from 2008. This is according to a new survey of 400 K-12th-grade IT managers conducted by IT integrator CDW Government that was released May 18.

Here are some of the details of the 2009 School Safety Index:

--CDW-G found that while K-12 districts are indeed taking steps to improve network and building security, increased breaches caused an overall decline in schools' physical- and cyber-security scores.

--Both IT and physical breaches are on the rise. In the last 12 months, 55 percent of districts report experiencing an IT breach, such as unauthorized user access, hacking or viruses; 67 percent experienced a physical breach such as break-ins, unauthorized persons in school buildings or vandalism.

--Despite increased numbers of security breaches, about 75 percent of respondents rated their cyber and physical security as adequate.

--Most IT breaches originate internally--41 percent from students and 22 percent from staff or employees. Physical security breaches are most often caused by unidentified persons (42 percent) and students (37 percent).

--Districts' top IT and physical security barriers--lack of budget, too few staff resources and the need for more security tools--remain unchanged for the third year.

Sixty-seven percent of the surveyees said a lack of funding was the primary reason they could not improve cyber-security. Fifty-six percent said not enough staff resources was the main problem.

It's well known that President Obama, trying to keep his finger in the budget dike, has proposed budget cuts in federal technology grants for K-12 education. If these cuts are approved by Congress in the next few months, this will make it even more difficult for schools to protect their networks from cyber-attacks and students from online predators.

Mention this to your Congressional representative next time you see him or her.

Posted by Chris Preimesberger on May 19, 2009 2:54 PM

| Comments (2) | del.icio.us | digg.com | Trackback | Post a Comment
TrackBack

TrackBack

http://securitywatch.eweek.com/cgi-bin/mte/mt-tb.cgi/17099

Comments (2)

JIM :

Why is it that schools have not taken advantage of open source software? They could use the money that they save in Microsoft licenses for more staff or better training and they could use existing hardware longer. The students would also benefit by being exposed to different software and could learn to be flexible in how they approach software use.

Posted by JIM | May 20, 2009 11:27 AM

Chris :

@Jim

Businesses don't use Open Source. People grow up with Microsoft or Apple. Putting open source software in requires further training for employees and lowers the chance of quick hiring. And why teach a kid to use Ubuntu if they never come across it? Oh, and open source is fragmented. No such thing as one linux or unix. There's heaps of em and more every day. Very few companies offer support. Which is what Microsoft offers that puts it ahead of Open Source.

Comment on the article. Companies in general have always put security low on the list of expenditure. They spend thousands on software and hardware and have no visible return. Not getting hacked can be argued away as saying you haven't been targeted. And then with schools you enter in kids. Who are smarter than most people realise. And who are bored with the simplistic curriculum. Coupled with how most schools have worse security than average..

In my school:

Tools>Options>Map Network Drive

Gave you access to quite a few computers. Teachers, servers, principal.. Boredom leads to exploration leads to vulnerability finding.
They have a filter on the internet.

So:

Start>Run>"cmd">"ping *sites name*">Enter

copy IP address, put it into address bar in web browser. You get past the filter.

Oh yea, @Jim. You have students like this with no great computer knowledge. Imagine if you gave them the ability to operate Unix via commandline.. :P

Posted by Chris | May 25, 2009 3:52 AM

Post a Comment

 
 
RSS Syndication

Security News

Advertisement

TLD regulation

Adware

Android

Apple

Applications Whitelisting

AV tools

Backdoor

BlackBerry

Blacklisting

Blended attack

Botnet CnCs

Botnets

Browsers

CAG

China

Cisco

click fraud

Cloud computing

Conficker

Corporate espionage

Cyber-war

Data Breach

Data Security

Data securityAdd category

Database security

DDoS

Disaster Planning

domain registration abuse

e-banking fraud

eBay

Enterprise security strategy

Ethical hacking

Exploits and Attacks

Facebook

File-sharing

Flaws

Google

Government standards

Hactivism

ID theft

Identity fraud

Identity Theft

iframe

Illegal pharmacies

Industry events

Infrastructure security

Internet regulation

Intrusion Detection/Prevention

iPhone

ISPs

Java

MAAWG

Malware

Malware toolkits

Mergers and Acquisitions

Messaging security

Microsoft

Microsoft Windows

Mobile malware

multimedia

NIST

Online malware

Open Source

Oracle

Patches

Phishing and Fraud

PowerPoint

Privacy

Product Reviews

Products

Regulation

Risk Management

Rogue AV

Rootkits

RSA Security Conference

Russia

SaaS

SCADA

Search

SEO

SEO poisoning

Smartphone security

Social engineering

Social networking

Spam

SQL injection

Trojan attacks

Twitter

video games

Virus and Spyware

Vulnerability Research

Web 2.0

Windows 7

YouTube

Advertisement
Security Watch     Contact Us | Advertise | Site Map
eWEEK Quick LInks

Security:
Enterprise Security
Network Security
Infrastructure Security
How To: Data
IT Security News
Cheap Hack Blog
Security Watch Blog
Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog
Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
PC Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog
Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews
Apps & Development:
Application Development
SAAS
Search Engines
Database Software
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel Partners
Careers Blog
Value Added Resellers
More eWeek Links:
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
Green IT
eWeek Magazine Subscriptions
Enterprise Websites:
ZDE Home
Baseline
Channel Insider
CIO Insight
eSeminars
eWeek Mid-Market
Publish Online
Web Buyers Guide
Developer Websites:
Dev Shed
DeveloperShed
ASP Free
MS DevSource
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware
Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
iGrep Search Engine
PDF Zone
Linux Watch

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt, and eWeek Security Watch are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
Hosted by Hostway.

Ziff Davis Enterprise