Universities hold and process a vast amount of valuable user and research data. This makes them a prime target for cyber criminals. Additionally, universities and other educational settings, such as schools and college IT systems, have become a prime target for some of their own students -- often motivated by an opportunity to cause damage to networks and websites, and/or improve their grades. This paper provides a focused assessment of the current cyber security threat to universities, colleges, and schools (`the education sector') worldwide, providing chronological sequencing of attacks and highlighting the insider threat posed by students. Fifty-eight attacks were identified, with ransomware being the most common type of external attack, and hacking motivated by personal gain showing as the most common form of internal attack. Students, who have become a significant internal threat by either aiding or carrying out attacks are not a homogeneous group, as students may be motivated by different factors, therefore calling for targeted responses. Furthermore, the education sector is increasingly reliant on third party IT service providers meaning attacks on third parties can impact the university and its users. There is very little research analysing this problem, even less research analysing the problem in the context of schools. Hence this paper provides one of the first known assessment of the cyber attacks against the education sector, focusing on insider threat posed by students and offering recommendations for mitigating wider cyber threats.

翻译：大学持有并处理大量宝贵的用户与研究数据，这使其成为网络犯罪分子的首要攻击目标。此外，大学及其他教育机构（如中小学的IT系统）也日益成为部分学生的攻击目标——这些学生往往出于破坏网络和网站、或篡改成绩等动机。本文聚焦评估全球高校、学院及中小学（统称“教育部门”）当前面临的网络安全威胁，按时间序列梳理攻击事件，并重点揭示由学生构成的内部威胁。我们识别出58起攻击事件，其中勒索软件是最常见的外部攻击类型，而基于个人利益的黑客行为是最常见的内部攻击形式。学生群体已成为重要的内部威胁来源，他们或协助或直接实施攻击，但并非同质化群体——其动机存在差异，因此需要采取针对性的应对措施。此外，教育部门日益依赖第三方IT服务提供商，使得针对第三方的攻击可能波及大学及其用户。现有研究对这一问题的分析极少，针对中小学情境的分析更是罕见。因此，本文首次系统评估了针对教育部门的网络攻击，聚焦学生内部威胁，并为缓解更广泛的网络威胁提供建议。