Education’s openness a unique security challenge, Verizon says in data breach report

Though the education sector faces threats similar to those seen elsewhere, its challenge is balancing essential flexibility with sound security practices.

The education sector is afflicted by many different kinds of threats, from software errors to social engineering attacks and inadequately secured email credentials, according to an annual cross-industry analysis of cybersecurity incidents released by Verizon this week. But the telecommunications giant’s 2019 Data Breach Investigation Report found that while the education sector faces myriad vulnerabilities, not unlike other industries, it must address them in a setting that is very open, a Verizon analyst told EdScoop.

“Education has a very wide array of different kinds of threats they have to deal with,” said Gabe Bassett, an information security data scientist for Verizon. There’s nothing in Verizon’s most recent research, however, to indicate the education industry is any more or less secure than other industries, Bassett said.

Human error accounted for 35 percent of data breaches over the last year in the education sector, according to the report. Email leaks are a common attack vector, and roughly one-quarter of breaches in the education sector were the result of web application attacks, often via phishing links to phony login pages. Stolen credentials comprised 53 percent of data compromised, and such credentials were used in more than 80 percent of hacking breaches, the report found.

Bassett also said that the many different kinds of data educational institutions collect — personal data, financial information, intellectual property among them — can attract more interest from bad actors.


But Bassett said it’s the unique openness of education’s cyber environments that presents its largest challenge. Where a business can put in stricter guidelines for cybersecurity, he said, “education has to balance their [security] need with flexibility.”

“It’s a double whammy to have such a broad range of threats as well as less flexibility on how to combat those threats,” he said.

However, working together and collaborating on cybersecurity solutions, Bassett said, can help the education industry better withstand incidents and secure its data.

“There is so much we can learn from working with each other and working with other people both within our industry and with other industries,” he said. “We are always better together than we are alone.”

Written by Betsy Foresman

Betsy Foresman was an education reporter for EdScoop from 2018 through early 2021, where she wrote about the virtues and challenges of innovative technology solutions used in higher education and K-12 spaces. Foresman also covered local government IT for StateScoop, on occasion. Foresman graduated from Texas Christian University in 2018 — go Frogs! — with a BA in journalism and psychology. During her senior year, she worked as an intern at the Center for Strategic and International Studies in Washington, D.C., and moved back to the capital after completing her degree because, like Shrek, she feels most at home in the swamp. Foresman previously worked at Scoop News Group as an editorial fellow.