SecurityScorecard Report Finds U.S. Education System Ranks Last for Cybersecurity among 17 U.S. Industries
New York, NY, December 13, 2018 - SecurityScorecard, the leader in security ratings, today announced the release of the company’s latest research, The 2018 Education Cybersecurity Report. This report examines the shift to modern data collection and storage in the education system and the new risk factors this move invites as massive amounts of personal data is being aggregated on networks and stored on premises and in the cloud, much of it accessible to multiple third parties.
Data collection is a vital resource for educational institutions across the world, including student records, which contain highly sensitive material such as a student’s name, address and social security number, and often test scores, behavioral assessments, personal health data and more. In addition, research project data at leading universities is a ripe target for cyber criminals and nation states. The 2018 Education Cybersecurity Report shows that out of 17 industries in the U.S., education ranks last in terms of overall cybersecurity posture.
In 2018, SecurityScorecard analyzed 2393 companies with a footprint of 100 IP addresses or more in the education industry.
“The lack of resources and attention to cybersecurity in schools and universities should be a cause for serious concern among students, parents, school boards, and the education industry as a whole,” said Sam Kassoumeh, COO and cofounder of SecurityScorecard. “Schools collect an incredible and vastly increasing amount of personal data about students. At the same time research universities house valuable IP. Securing these networks and protecting this information is essential to protect the future of innovation and privacy.”
SecurityScorecard found the Education category performed poorly in three key areas: application security, patching cadence and network security.
- Application Security: As more schools rely on educational technology and software solutions for testing and metrics, substantial risks come into view. Application software vulnerabilities represent a top target for hackers, and educators' reliance on these technologies is one of the most significant data breach risks.
- Patching Cadence: Despite school IT departments recognizing the importance of a rapid patching cadence, updates are often scheduled when systems are inactive. A slow patching cadence or late patch installation, open systems up to unauthorized users.
- Network Security:: Networks are indispensable to access classroom materials and resources as they incorporate more laptops and tablets than curricular tools. As more students use cloud services to connect to work between the home and the classroom, the education sector needs to focus on business continuity of network security. Network security issues plague the education industry as it stands on the brink of becoming the next major attack target.
“A cybersecurity plan for schools should reflect a holistic approach to student data protection and visibility across the education systems’ vendor ecosystem to assess risk,” continued Kassoumeh.
Get your Instant SecurityScorecard to discover how hackers, partners and customers see your organization.
Headquartered in the heart of New York City, SecurityScorecard's vision is to create a new language for measuring and communicating security risk. The company was founded in late 2013 by Dr. Aleksandr Yampolskiy and Sam Kassoumeh, two former cybersecurity practitioners who had served, respectively, as Chief Information Security Officer and Head of Security and Compliance. With cloud solutions becoming an increasingly integral part of the security technology stack Yampolskiy and Kassoumeh recognized the need to address third- and fourth-party risk as well as better understand the security capabilities of their business partners. Since its founding, the company has grown dramatically and now counts hundreds of leading brands as customers. SecurityScorecard is backed by leading venture capital investors including Sequoia Capital, GV, NGP Capital, Evolution Equity Partners, Boldstart Ventures, AXA Venture Partners among others. For more information, visit securityscorecard.com.