Safeguarding Our Children's Digital Future: A Call to Action

Frequent cyberattacks on America's schools are putting our children at risk. Urgent action is needed to protect students and families.

Arun Vishwanath, Technologist

December 14, 2023

4 Min Read
Kids in a classroom, some using laptops
Source: xavierlorenzo via Alamy Stock Photo

COMMENTARY

Imagine the shock of receiving communication from a hacker saying that your child's most sensitive information — from passports and birth certificates to profile pictures and classroom locations — will be exposed on the Internet unless their school administrators pay a ransom. 

This horrifying situation recently occurred in Nevada's Clark County School District (CCSD), the nation's fifth-largest school district, serving 300,000 students. It's an ongoing nightmare that leaves parents in the district, which suffered a breach two years ago, more informed by hackers than by school officials, who appear less transparent about what’s happening.

While CCSD's plight is unique, its reactions are distressingly familiar. Across the country, schools have become prime targets. In 2022, 1,436 separate schools and colleges fell victim to cyberattacks, which affected over a million students.  Education is among the most targeted sectors and has the highest rates of ransom payment. 

Why Schools Are Frequent Cybercrime Victims

The reasons behind the education sector's vulnerability to attacks are fourfold:

  1. Aging IT infrastructure and lower cybersecurity expertise among staff makes schools attractive targets for exploitation by cybercriminals. 

  2. Organizations subject to breach notification mandates often turn to law firms that prioritize limiting liability over open communication. The loss of transparency leads to generic and often cryptic notifications that provide little useful information and merely offer generic credit monitoring services as the salve for all breaches.

  3. Hackers' tactics have evolved. The widespread availability of advanced AI programs has made creating deepfakes, executing social engineering attacks, and impersonating individuals alarmingly easy. Credit monitoring, which focuses on financial data, is ill-equipped to protect against these emerging threats.

  4. Children are more immersed in technology than ever before, yet have limited engagement with cybersecurity. These digital natives encounter technology at a young age, often without a full understanding of the risks they face. They often seek help from peers who share their limited knowledge, inadvertently compounding the cybersecurity risk for their entire cohort. 

How to Fix the Issues

There is an urgent need to fix these problems because the security of all our children is at stake. Surely the most technologically advanced nation in the world can do better to protect its most precious asset: personal information of future generations.

Fix Teacher Shortages

Today's teachers face a stark reality: Even after years at the job, they earn half the salary of cybersecurity professionals, while working equally demanding hours and often with additional administrative responsibilities. The COVID-related workflow shortages have forced many teachers to shoulder more significant workloads, diminishing the profession's prestige and deterring new graduates from entering the field. To revitalize the field, teacher salaries should be pegged to real-world standards with commensurate scope for career advancement and mobility. Ensuring the security of our children's data and fortifying their digital future necessitates a comprehensive approach encompassing technological enhancements, as well as competitive compensation and strategic recruitment for teachers.

Reform Credit Monitoring

Second, we must reform the credit-monitoring system. Presently, it operates as a fee-based service, with individuals receiving it for however long breached companies agree to pay for it. Cost-free universal credit monitoring and ID protection should be available across the lifespan, regardless whether someone was breached. This would greatly enhance the quality of overall credit-monitoring data (before it is corrupted by cybercrime), and parents wouldn't need to lock their children's credit or worry about losing protection when their paid service expires. This approach safeguards Americans' creditworthiness, preserves the financial system's integrity, and promotes economic growth.

It's time to transcend the limited, fee-based models and establish a universally accessible system that shields Americans from evolving cyber threats and identity theft, making a lasting investment in our nation's financial stability. A comprehensive, universally accessible system helps protect every American's credit from the ever-evolving threats of cyberattacks and identity theft. This investment in our collective financial well-being will yield immeasurable benefits for generations to come.

Train Students

Lastly, we must prioritize cyber-hygiene training in K-12 students. The White House's National Cyber Workforce and Education strategy underscores the urgency of cyber education in children’s formative years. While states like New York have taken steps by introducing computer science and data fluency standards, these initiatives fall short. The current goal of digital proficiency is akin to teaching children to not start fires. We need to go beyond and equip children with the skills to extinguish fires. This demands comprehensive cyber-hygiene training — educating children on protecting their data during transmission, safeguarding their online identities, and effectively responding and mitigating attacks.

It's not sufficient for children to comprehend data co-option; they must grasp the potential exploitation of co-opted data. A comprehensive K-12 cyber-hygiene program imparts the knowledge, tech-savvy media habits, and deception-recognition skills required to prepare future generations.

Failing to Act Is Failing Our Children

Because of the never-ending news about wars and natural calamities, cyberattacks rarely make headlines today. We may avoid discussing it and allow lawyers to craft inscrutable messages to shield organizations from breach liability. But what we are really doing is selling our children's future. It's essential to recognize that our actions today affect the futures of our children. The time to act is now.

About the Author

Arun Vishwanath

Technologist

Arun Vishwanath, Ph.D., MBA, is among the foremost experts on the "people problem" of cybersecurity. He is the author of the book, The Weakest Link: How to Diagnose, Detect, and Defend Users from Phishing, published by MIT Press.

His research on the science of cybersecurity focuses on the biggest vulnerability in enterprise security: users. His body of work includes the development of methodologies to quantify human cyber-risk, approaches to diagnose how and why people are at risk through social engineering, and techniques to mitigate this risk.

Arun, an alumnus of the Berkman Klein Center at Harvard University, has held faculty positions at the University at Buffalo and Indiana University. He has authored close to 50 peer-reviewed research papers on the science of security and has written pieces for CNN, the Washington Post, and other leading media. His views on cybersecurity have also appeared in Wired Magazine and in reports such as the Verizon "Data Breach Investigations Report" (DBIR). You can read more about him on his website here.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights