CISOs in the education sector face a unique challenge: ensuring open access to information for students and staff while safeguarding sensitive data from escalating cyberthreats. Striking this balance requires innovative strategies, robust security frameworks and a deep understanding of the evolving cybersecurity landscape. We asked three industry experts how CISOs in the education sector can balance the need for open access to information with the growing risks of cyberattacks and data breaches.
AJ Thompson, CCO at Northdoor
Balancing open access with cybersecurity is a pressing challenge in today’s hyperconnected environment. For institutions like schools, colleges and universities, which prioritise collaboration and learning, the risks posed by cyberthreats have grown exponentially.
Traditional approaches to cybersecurity that rely on securing the network perimeter are no longer sufficient in a world of flexible working, cloud-based systems and personal devices.
A Zero Trust security model offers a practical framework for addressing these challenges. The core principle of Zero Trust is simple: Trust Nothing, Trust Nobody. This means treating every device, user and system as a potential threat until it has been verified.
For educational institutions, this approach ensures that students, faculty and staff only gain access to resources they are explicitly authorised to use, reducing opportunities for both insider and external threats.
Key to this strategy is layered security applied across all aspects of the network, including users, devices, applications and databases. For example, students accessing online learning platforms can be given permissions limited to those systems, while staff working remotely use multi-factor authentication to verify their identities. Such measures ensure that access is granted only when necessary and appropriate.
AI plays a critical role in enhancing this framework. AI-driven tools can monitor networks in real time, flagging suspicious activity such as unusual login patterns or unauthorised data transfers. These systems can triage alerts, helping cybersecurity teams focus on the most urgent threats and respond quickly to mitigate potential breaches.
The shift to hybrid learning and increased connectivity also creates new vulnerabilities, such as phishing campaigns and ransomware targeting students and staff. By adopting a Zero Trust model, educational institutions can proactively address these risks while maintaining the openness needed for collaboration and learning.
Ultimately, the goal is to strike a balance between security and accessibility. A comprehensive Zero Trust approach doesn’t restrict legitimate users but ensures that sensitive data, systems and resources are protected against a constantly evolving threat landscape.
Educational institutions must recognise that relying on outdated strategies is no longer viable and that adopting modern, adaptive solutions is essential to staying secure in an increasingly complex digital environment.
Vichai Levy, VP R&D, Overseeing Architecture, Protegrity
The frequency of data breaches in the education sector surged in 2023, compromising the private information of students, parents and educators. This highlights a significant vulnerability: while schools increasingly rely on digital tools and platforms to enhance learning, many lack robust cybersecurity measures to safeguard sensitive data.
According to a report from Sophos, 80% of K–12 schools and 79% of higher education institutions in the U.S. were hit by ransomware attacks in 2022, a sharp increase from previous years. These incidents highlight the growing threat to educational institutions, where cyberattacks often exploit system vulnerabilities, putting student and staff data at serious risk.
Weak cybersecurity measures have made educational institutions attractive targets for cybercriminals. Data from the 2024 Sophos State of Education report revealed that 85% of ransomware attacks on K–12 schools and 77% on higher education institutions involved data encryption. The financial toll has been significant, with the cost of recovering from attacks doubling for K–12 schools and quadrupling for universities.
A key issue is that educational institutions often disclose data breaches slowly. For instance, only 29% of K–12 schools publicly disclose cyberattacks, though the actual number of incidents is likely higher. This lack of transparency increases risks significantly, as individuals may remain unaware their personal information has been compromised for an extended period, making it harder to prevent further misuse of stolen data.
To better defend against cyberthreats, CISOs in the educator sector must prioritise investing in comprehensive data protection solutions. Encryption and tokenisation are two powerful techniques that can help shield student and teacher data by making it useless without proper decryption keys. Even if attackers breach a system, encrypted data remains inaccessible.
Schools must also adopt transparent cybersecurity policies. It is crucial to work with external vendors to ensure all digital tools and platforms meet strict security standards. Additionally, promoting cybersecurity awareness among parents, educators and students can reduce the risk of human error, such as falling for phishing scams.
While the education sector is often overlooked in discussions about data security, it is undeniably a high-value target in today’s threat landscape. Protecting all data is important, but safeguarding the personal information of young students is especially critical. By investing in the right data protection technologies and fostering a culture of cybersecurity, schools can improve their defences and protect the futures of both students and educators.
Danielle Kinsella, Technical Advisor EMEA, Gigamon
CISOs in the education sector face a unique challenge as they are forced to reconcile the need for open access to information with the rise in data breaches. In fact, government data indicates that most schools and colleges in the UK detected a cybersecurity breach between 2023 and 2024, highlighting the true extent of security vulnerabilities within the sector.
Educational institutions are characterised by a broad and burgeoning user base, including students, staff and external collaborators, all of whom require instantaneous access to resources and data for academic and administrative purposes. These accessibility needs, coupled with the growing volumes of network traffic, pose a threat to the security of sensitive data and has prompted a move by institutions to hybrid and multi-cloud IT infrastructures. However, this has added greater levels of complexity when securing such infrastructures due to the risk of infrastructure blind spots.
This is where comprehensive visibility is key. CISOs must ensure they have real-time insight into all data in motion – whether that is North-South or East-West – which enables the detection of unusual activity or potential threats, such as unauthorised access attempts or data exfiltration. With complete visibility, CISOs can quickly detect vulnerabilities and respond appropriately before attacks escalate, avoiding significant disruption to network performance and availability.
Reaching this desired level of visibility doesn’t necessarily mean adding new tools, nor breaking the bank. By enhancing existing security tools with actionable network-derived intelligence delivered in real-time, educational institutions can maintain the open, collaborative nature of their environments while addressing the growing risks of cyberattacks and data breaches in turn.
