{"id":228383,"date":"2026-06-09T03:02:00","date_gmt":"2026-06-09T07:02:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/09\/students-remain-higher-eds-cybersecurity-weak-link\/"},"modified":"2026-06-09T04:00:10","modified_gmt":"2026-06-09T08:00:10","slug":"students-remain-higher-eds-cybersecurity-weak-link","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/09\/students-remain-higher-eds-cybersecurity-weak-link\/","title":{"rendered":"Students Remain Higher Ed\u2019s Cybersecurity Weak Link"},"content":{"rendered":"<p><a href=\"https:\/\/www.insidehighered.com\/news\/tech-innovation\/2026\/06\/09\/students-remain-higher-eds-cybersecurity-weak-link\">Students Remain Higher Ed\u2019s Cybersecurity Weak Link<\/a><\/p>\n<p><a href=\"https:\/\/www.insidehighered.com\/news\/tech-innovation\/2026\/06\/09\/students-remain-higher-eds-cybersecurity-weak-link\">https:\/\/www.insidehighered.com\/news\/tech-innovation\/2026\/06\/09\/students-remain-higher-eds-cybersecurity-weak-link<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-09 03:02:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.insidehighered.com\">www.insidehighered.com<\/a><\/p>\n<p>Just 22\u00a0percent of chief technology officers say students at their institution receive adequate cybersecurity training, according to Inside Higher Ed\u2019s 2026 Survey of Campus Chief Technology\/Information Officers. By comparison, 68\u00a0percent say faculty and staff receive adequate training. Another 70\u00a0percent say their institution\u2019s leadership prioritizes cybersecurity investments.<\/p>\n<p>Students constituting a gap in their institutions\u2019 cybersecurity ecosystems is nothing new. 
In last year\u2019s survey, just 26\u00a0percent of CTOs reported requiring student cybersecurity training, versus 79\u00a0percent for faculty and 86\u00a0percent for administrative staff. <\/p>\n<p>More on the Survey<\/p>\n<p>On Wednesday, June 10, at 2 p.m. Eastern, Inside Higher Ed will present a free webcast featuring expert panelists to discuss the survey findings and what it takes to lead on technology in today\u2019s rapidly shifting postsecondary landscape. Register for that conversation here, even if you can\u2019t attend live.<\/p>\n<p>Inside Higher Ed\u2019s 2026 Survey of Campus Chief Technology\/Information Officers was conducted by Hanover Research. The survey included 130 technology leaders, mostly from public and private nonprofit institutions, for a margin of error of eight\u00a0percentage points. Download the full results here.<\/p>\n<p>But cybersecurity threats to higher education are only increasing, as the recent attack impacting the Canvas learning management system underscored. And artificial intelligence promises to accelerate this trend. Convincing phishing attacks, for instance, are much easier to draft, personalize and deploy at scale with AI. Agentic tools represent new risks. And models have also been used to discover and weaponize \u201czero-day\u201d vulnerabilities\u2014those previously unknown to developers\u2014in software systems. This spring, AI giant Anthropic said it was withholding its own Claude Mythos model from public release due to its unprecedented ability to exploit such weaknesses. That reportedly caused the White House to rethink its laissez-faire approach to AI regulation, though an executive order issued last week introduces a voluntary oversight framework for new models. 
<\/p>\n<p>Cybersecurity is also a growing concern for CTOs in 2026: Nearly six in 10 (59\u00a0percent) identify critical cybersecurity breaches or ransomware incidents as a top institutional risk through 2030, making it the second-most-cited threat, behind difficulty recruiting and retaining IT talent (62\u00a0percent). The No. 3 threat is unsustainable cost trajectories for technology services (56\u00a0percent). These factors are at least somewhat related: With scarce resources, institutions must triage who and what gets cybersecurity attention. Historically, faculty and staff have been prioritized, given their access to sensitive information by virtue of their roles. But experts told Inside Higher Ed that continuing to put student cybersecurity on the back burner hurts not only the institution but students themselves.<\/p>\n<p>\u201cMost universities do not enforce cybersecurity training for students, which opens up that category of users to be at a higher risk than others,\u201d despite their being the largest campus constituency, said Rob Groome, chief information officer at the University of Southern California\u2019s Institute for Creative Technologies. \u201cUniversities in general need to engage the student population early on in the admission process regarding cybersecurity expectations, once they are accepted. This will create a culture with the incoming student population, and the requirements will just be part of their journey through the university.\u201d<\/p>\n<p>Ben Woelk, governance, awareness and training manager for Rochester Institute of Technology\u2019s Information Security Office, explained that many faculty members have access to valuable research data, while administrators and staff members handle other kinds of sensitive institutional information\u2014making them critical groups for training. But while students may not have access to their college\u2019s highest-value data, they are often among its most vulnerable targets. 
In this light, student cybersecurity training is as much about protecting them as protecting the institution.<\/p>\n<p>\u201cAcross higher education, we\u2019re seeing students targeted in credential theft so that the attacker can attempt to file tuition refund requests,\u201d Woelk said, adding that these events can be cyclically timed around key dates in the academic calendar. Additionally, \u201cWe\u2019ve had incidences of attackers victimizing international students with visa-related scams.\u201d<\/p>\n<p>In this latter kind of scheme, Woelk said international students receive messages, including calls or texts, that appear to come from government agencies or law enforcement officials warning of visa problems\u2014queries that may seem more credible in the current political environment. Victims are pressured into sending money, sometimes losing thousands of dollars within 24 hours. The Federal Bureau of Investigation and colleges and universities themselves have warned students about such attacks.<\/p>\n<p>Job scams targeting students have also become common, Woelk continued, with hackers promising flexible campus employment in exchange for personal or financial information. Often the initial email comes from an account that appears to belong to the student\u2019s institution.<\/p>\n<p>\u201cIs it a direct risk to the university? No, not so much,\u201d Woelk said of some of these incidents. \u201cBut it\u2019s a horrendous impact on the students.\u201d<\/p>\n<p>Staying Current<\/p>\n<p>At RIT, cybersecurity fundamentals are included in the virtual student orientation curriculum. The training is similar to what faculty and staff members receive, but tailored to students\u2019 unique vulnerabilities and more focused on storytelling and real-world scenarios. Woelk said his team has also worked with international student affairs leaders to raise awareness. 
The university has experimented with cybersecurity escape rooms, online and off, to increase engagement.<\/p>\n<p>Student attention and staff capacity are challenged across higher ed, he said, but the case for proactive defense is strong: Hackers \u201ccan send out 10,000 emails, as many as they need, and if they get half of 1\u00a0percent to respond and give things up, they\u2019re still getting some return on investment\u00a0\u2026 The attacker does not have to be sophisticated.\u201d <\/p>\n<p>Strategist Aviva Legatt, author of the Higher Ed AI Playbook newsletter, agreed that student cybersecurity training is a worthwhile pursuit\u2014and that it\u2019s a fast-moving target. Whereas it used to mean \u201cspotting a clumsy phishing email,\u201d she said, \u201cthe newest layer is autonomous agents\u2014agentic browsers and open agents like OpenClaw\u2014that students install and point at their own accounts, then let act on their behalf inside the LMS, email, even financial aid portals, using the student\u2019s own legitimate access, and with no guardrails the institution controls.\u201d This intersects with data governance, she continued, as some students serve as school officials in ways that make them subject to federal student privacy laws.<\/p>\n<p>\u201c\u2018Don\u2019t click the link,\u2019\u201d Legatt added, \u201clooks quaint against a tool the student deliberately installed.\u201d <\/p>\n<p>CTOs are also concerned about the rise of agentic AI browsers: 26\u00a0percent agree that they\u2019ve become a serious privacy and\/or safety issue at their institution, while 24\u00a0percent agree they\u2019ve become a serious academic integrity problem. 
<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Students Remain Higher Ed\u2019s Cybersecurity Weak Link https:\/\/www.insidehighered.com\/news\/tech-innovation\/2026\/06\/09\/students-remain-higher-eds-cybersecurity-weak-link Publish Date: 2026-06-09 03:02:00 Source Domain: www.insidehighered.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":228384,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.insidehighered.com\/sites\/default\/files\/styles\/large\/public\/2026-06\/Student_Laptop_library_orange_glow.jpg?itok=zEalWT2f","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,31,25],"class_list":["post-228383","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-exploit","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228383"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=228383"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228383\/revisions"}],"predecessor-version":[{"id":228385,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228383\/revisions\/228385"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/228384"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?pare
nt=228383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=228383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=228383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}