Young students are making a mark in the United Kingdom’s cybersecurity arena, though not in the way their parents would hope. According to the country’s Information Commissioner’s Office, students were responsible for more than half of all personal data breaches occurring within schools.
An analysis of 215 data breach reports from security incidents that originated inside schools revealed that 57 percent of the hacks were carried out by students. Nearly one third of these breaches were made possible because students guessed commonly used passwords or simply found login details written down.
The regulator did note that a small number of incidents, approximately five percent, required more sophisticated techniques to bypass security and network controls. One example detailed how three Year 11 students hacked into a school’s student information system using tools to break passwords and bypass security protocols. Two of those students confessed to being part of an online hacking forum.
The report states that children hacking into their schools’ computer systems may set them up for a life of cybercrime. According to the warning, dares, notoriety, money, revenge, and rivalries are among the common reasons children give for hacking into systems.
What begins as a dare or a bit of fun in a school setting can ultimately lead to children participating in damaging attacks on organizations or critical infrastructure. The report further detailed how these breaches occur. Nearly a quarter of the data breaches took advantage of weak data protection practices, such as teachers allowing students to use their devices. Twenty percent of the hacks were caused by staff using personal devices for work, and seventeen percent of breaches happened due to improper access control for systems like Microsoft SharePoint.
Calling these findings worrying, the ICO urged schools to help address the issues by refreshing GDPR training, improving overall cybersecurity and data protection practices, and reporting all breaches on time.