Schools

Schools face evolving cyber threats in an increasingly digital educational landscape.  Insider errors, ransomware attacks, and vendor vulnerabilities require a strong focus on cyber hygiene and awareness to safeguard sensitive data, says the CEO of ManagedMethods.  Although we talk about the seriousness of the cybersecurity threat in education a lot, it is worth repeating this alarming Microsoft statistic: 6,110,425 (80.1% of the global total) enterprise malware encounters in the last 30 days were from the education sector.

Due to the lack of effective cybersecurity procedures in schools and the high value of the data that hackers can obtain on the black market, hackers frequently target educational institutions.  For instance, files including the names, addresses, social security numbers, and other personally identifiable information of students may be sold to exploitative bidders who may use the information to set up fraudulent loans.[1]

While the remote learning movement required by the COVID-19 pandemic has brought about many positive changes, such as increased flexibility and varied learning access, it has also accelerated cybersecurity vulnerabilities.  At the pandemic’s start, there was an onslaught of invasions through video conferencing hacks, malware, and social media attacks.  And while school administrators have had to adapt to this new environment quickly, many districts are still vulnerable.  As schools continue to expand their use of technology and access to various devices, they need to be more aware of cyber hygiene than ever before.  Below is a look into the new threats schools face before analyzing how they can cope.

The Threats and How They’ve Evolved - One of the main threats that school districts face is insider error or negligence.  This results from someone with legitimate access accidentally sharing sensitive information publicly or to users that should not have access.  A clear example of this comes from Google Drive.  Many people will select the “anyone with the link” option when granting access to colleagues without batting an eyelid.  However, this is highly problematic because it allows hackers to find their way into the document.  Hackers can use “URL guessing” to find publicly shared Google Drive links by guessing possible URLs or using “brute-force” tools to generate random URLs.  For districts that don’t have some kind of automated policy set up to monitor potential unwanted access, there could be tons of confidential PII and financial information freely accessible on the internet in these documents.
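The automated sharing check mentioned above could look like the following. This is an added example, not code from the article or from any vendor. It assumes file metadata has already been exported in the shape of Google Drive API v3 file resources with their `permissions` lists; the district domain, the keyword list and the sample records are constructed for illustration.

```python
import re

DISTRICT_DOMAIN = "district.example"  # assumption: the district's own domain
# Assumed keyword list for sensitive file names; tune to local naming habits.
SENSITIVE = re.compile(r"ssn|social security|payroll|iep|roster|transcript", re.I)

# Constructed sample, shaped like Drive API v3 file resources with permissions.
SAMPLE_FILES = [
    {"id": "f1", "name": "Grade 7 reading list", "permissions": [
        {"type": "anyone", "role": "reader", "allowFileDiscovery": False}]},
    {"id": "f2", "name": "Student SSN roster 2023", "permissions": [
        {"type": "anyone", "role": "writer", "allowFileDiscovery": False}]},
    {"id": "f3", "name": "Payroll export", "permissions": [
        {"type": "domain", "role": "reader", "domain": "district.example"}]},
    {"id": "f4", "name": "IEP notes", "permissions": [
        {"type": "user", "role": "reader", "emailAddress": "tutor@vendor.example"}]},
]

def audit_sharing(files, home_domain=DISTRICT_DOMAIN):
    """Return (file_id, severity, reason) for each permission that exposes a file."""
    findings = []
    for f in files:
        sensitive = bool(SENSITIVE.search(f["name"]))
        for p in f.get("permissions", []):
            if p["type"] == "anyone":
                # Link sharing needs no sign-in; editable links are worse.
                reason = "anyone with the link (%s)" % p["role"]
                severity = "high" if sensitive or p["role"] != "reader" else "medium"
            elif p["type"] == "domain" and p.get("domain") != home_domain:
                reason = "shared with outside domain %s" % p.get("domain")
                severity = "high" if sensitive else "medium"
            elif p["type"] in ("user", "group") and not p.get(
                    "emailAddress", "").lower().endswith("@" + home_domain):
                reason = "shared with outside account %s" % p.get("emailAddress")
                severity = "high" if sensitive else "low"
            else:
                continue  # internal share, nothing to report
            findings.append((f["id"], severity, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_sharing(SAMPLE_FILES):
        print(finding)
```
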

Ransomware receives a lot of coverage in the media, and rightly so.  The education sector has recently become a primary target for hackers as they are considered soft targets with valuable information and considerable pressure to restore their systems. Ransomware attacks on education have dramatically increased by 56% in K-12, and 64% in higher education were hit in 2021, up from 44% in education the previous year.  Additionally, schools have to fork out a huge amount of recovery costs. K-12 spent a whopping $1.58M, and higher education spent $1.42M to rectify ransomware attacks.

Ransomware has also become more sophisticated.  Previously, ransomware encrypted data so it could not be accessed, but the data did not leave the information system where it was located.  Once the ransom was paid, or the backups restored, etc., districts didn’t necessarily have to be concerned that the criminals had copies of the data.  However, now hackers can extract data from a system before encrypting it themselves, allowing them to threaten the victims further and sell copies on the dark web.

Lastly, there is vendor risk management.  This threat has increased as a result of more third-party tools in schools for a variety of purposes.  Many of these tools will connect to the school’s network and leave a weak point in the cybersecurity infrastructure.  Open Authorization (OAuth) vulnerabilities can crop up due to these weaknesses.  And this evolution has come about from students and staff members blindly accepting app permissions while downloading a new application.

Good Cyber Hygiene in a Remote-learning World - Whether we like it or not, remote learning is here to stay.  While schools moving to cloud providers such as Google Workspace, Microsoft 365, etc., brings many benefits, many districts didn’t transition with a security-first approach.  There are countless articles out there calling for the need for sophisticated firewalls and content filtering.  While that is true, the real problem lies in the remote access that students and teachers use now, which renders these network-based security measures useless.  Schools must focus more on zero-trust cybersecurity, which requires proper cloud security access configurations.  It also requires you to continuously monitor account behavior, such as login access from abnormal locations at abnormal times.
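The account-behavior monitoring described above can be sketched as a per-user baseline check. This is an added example, not code from the article; the event format, the two-hour tolerance and all sample logins are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (user, local timestamp, country of source IP).
HISTORY = [
    ("teacher1", "2023-04-03T08:05", "US"), ("teacher1", "2023-04-04T15:40", "US"),
    ("teacher1", "2023-04-05T07:55", "US"), ("student9", "2023-04-03T09:10", "US"),
    ("student9", "2023-04-04T19:30", "US"),
]
NEW_EVENTS = [
    ("teacher1", "2023-04-06T08:10", "US"),  # matches the baseline
    ("teacher1", "2023-04-06T03:12", "RO"),  # new country, far from usual hours
    ("student9", "2023-04-06T20:15", "US"),  # within tolerance of a seen hour
    ("newhire", "2023-04-06T10:00", "US"),   # account with no history
]

def build_baseline(history):
    """Map each user to the countries and hours of day seen in past logins."""
    base = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, ts, country in history:
        base[user]["countries"].add(country)
        base[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return base

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)

def flag_logins(history, events, tolerance=2):
    """Return (user, timestamp, reasons) for logins that deviate from baseline."""
    base = build_baseline(history)
    flagged = []
    for user, ts, country in events:
        if user not in base:
            flagged.append((user, ts, ["no baseline"]))
            continue
        reasons = []
        if country not in base[user]["countries"]:
            reasons.append("new country " + country)
        hour = datetime.fromisoformat(ts).hour
        if min(hour_gap(hour, h) for h in base[user]["hours"]) > tolerance:
            reasons.append("unusual hour %02d" % hour)
        if reasons:
            flagged.append((user, ts, reasons))
    return flagged

if __name__ == "__main__":
    for row in flag_logins(HISTORY, NEW_EVENTS):
        print(row)
```
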

Cybercriminals can attack district information systems in new ways that many IT teams do not even realize are a problem.  In many ways, it is unfortunate that ransomware gets so much attention because it is usually the nail in the coffin: there are usually many prior warning signs before an attack that most people never see, or do not recognize even after the attack.

Schools must educate pupils on the dangers of clicking on suspicious links, downloading unknown software, and sharing personal information with unfamiliar sources from their home PCs.  Students should be taught to be wary of suspicious emails and to only open messages from trusted senders.  Additionally, they should be advised never to open attachments from unknown sources and to be vigilant when browsing the web to avoid malicious sites.

Furthermore, it is crucial to safeguard online accounts with robust passwords. Despite its obvious importance, two-factor authentication is something that is often overlooked.  Unfortunately, many individuals still use the same password for multiple accounts, putting themselves at risk of cyber-attacks.  If hackers access one password, they can potentially infiltrate all linked accounts, leading to a catastrophic breach of personal information.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://www.spiceworks.com/it-security/cyber-risk-management/guest-article/school-cyber-hygiene-is-critical/
