Skip to main content
close search
site logo
Dive Brief

Navigating cybersecurity risk assessment measures can get complicated for schools, districts

Published Aug. 13, 2018
Roger Riddell's headshot
Senior Editor
Deposit Photor

Dive Brief:

  • As cybersecurity grows in importance for schools and districts, navigating the scope and expense of tools like penetration tests and vulnerability scans to get the most out of funding can be complicated, according to EdTech: Focus on K-12.
  • In a penetration test, cybersecurity professionals attempt to infiltrate a network in order to identify weaknesses that could be utilized in a real attack, while vulnerability scanning utilizes automated cybersecurity tools to probe a network on a weekly basis for vulnerabilities that need to be addressed.
  • In many cases, a combination of the two approaches is likely to be used, with regular vulnerability scans supported by occasional penetration tests, as the latter is a manual process that requires more time due to the level of precision and ingenuity involved. 

Dive Insight:

Though classroom ed-tech tends get the bulk of attention, technology is present in just about every aspect of a school or district. The massive amounts of personal data alone that is stored digitally has served to make education one of the most highly targeted sectors by hackers.

A September 2016 analysis from security ratings firm BitSight found that malware attacks against education outpaced those against government, healthcare, energy, retail and finance. And ransomware attacks, where access to data is locked by hackers and held for ransom, are especially popular and lucrative. Research has estimated that the total amount raked in by these attacks over a two-year period totaled around $25 million, and districts have individually paid in the thousands to regain access to their information.

On the penetration test versus vulnerability scan front, it may be most expedient for districts to ensure they have the a system for the latter in place first-and-foremost, as those scans can run constantly and monitor the network. But investing in a more expensive penetration test from time to time can help keep all bases covered.

Beyond that, one of the most important layers of safety that absolutely cannot be overlooked is addressing a network's end users, the No. 1 threat to security. At the University of Dayton, CIO Thomas Skill has spearheaded a campus-wide effort around performing phishing tests; sending updates, warnings and the latest security news; and offering incentives and prizes to people who complete certain actions. Ultimately, this increases the cybersecurity awareness among students, faculty members and staff, who may not be aware just how easy it is to fall victim to malicious activity — it can take just one click on a bogus link in a phishing email to compromise a network.

Recommended Reading

Filed Under: Technology, K-12

Editors' picks

Company Announcements

View all | Post a press release
Breaking Barriers: La Promesa High School Transforms Learning for Newcomer Students through Sc…
From Timely
January 13, 2025
K12 Education Expert Launches Behind The Desk, Monthly Subscription for School Administrators
From Jana Lee Consulting
January 13, 2025
VHS Learning’s Spring 2025 Registration Open; Classes Begin January 29
From VHS Learning
January 10, 2025
New Digital Curriculum Combines the Thrill of Playing Sports with the Flexibility of Online ST…
From STEM Sports
January 07, 2025
Editors' picks
Latest in Technology
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.