The company that develops math and reading tests for New York state’s third through eighth-grade classrooms suffered a security breach that allowed access to the personal information of 52 students. This information included the school’s name, grade level, teacher’s name, student ID number, and the students’ names.
While this is a relatively minor breach compared to other recent cybersecurity incidents, it’s yet another sign that the educational industry is an increasingly common target. However, in addition to cyber criminals, former employees are another major vulnerability for computer systems worldwide.
The company behind the testing system, Questar Assessment, suspects a former employee is responsible for the security breach.
The State Education Department responded in rapid fashion, requiring a universal password reset, a termination of all past employees’ accounts, and an independent audit of the firm’s systems and security.
“We’re working very hard to hold the responsible parties accountable and, most importantly, to make sure this never happens again in New York,” the New York Times reports MaryEllen Elia, the state education commissioner, saying.
Even though 58% of businesses are worried about cyber attacks, they seem to happen with increasing frequency.
At the beginning of January, the Department of Homeland Security, America’s supposed first line of defense from terror and external threats to the nation, suffered a security breach of embarrassing scale.
CNET reports that the personal information of 247,167 current and former employees was stolen. Social security numbers, birthdays, pay grades, positions, and locations of the compromised individuals were all accessed by a former employee.
While cybersecurity is in its infancy, businesses have grappled with security concerns since time immemorial. While 38% of inventory shrinkage is caused by shoplifting, an almost equal proportion (34.5%) can be attributed to employee theft. This employee theft trend is not even contained to the online realm, as a former employee that reported to the president of Goldman Sachs was recently arrested for $1 million worth of wine from his (ex) boss’s personal stash. Likewise, when employees have the keys to the company’s data, the risk of cyber attacks goes up.
As a result of high profile cyber attacks, more companies are investing in cybersecurity personnel — if they can find it. While the average security guard takes an average pay of $30,000 per year, according to the U.S. Department of Labor, the average cybersecurity salary is currently $116,000 per year.
Of course, not all employees steal. In fact, most don’t. But with businesses moving online in droves, creating their own management systems and utilizing their own (largely unaudited) security protocols, disgruntled employees have more of an advantage than ever. If an employee wants valuable information from their company, all they need to do is log in and take screenshots of whatever work management software they use.
The internet was (and is) supposed to be the great democratizing force of our time, it also creates new risks. Though the breach of Questar Assessment was comparatively small, it reflects the fact that progress in cybersecurity must continue.
