For the education sector, data security ranges from the need to protect devices to safeguarding the sensitive information and privacy of its users, including students, their parents, and the institution's staff. Taking into account the current context in which educational centers operate, which involves combining remote learning and in-person teaching, as well as the use of personal devices, we analyze the most common cybersecurity threats affecting the sector:
- Phishing: this is a deceptive practice where the attacker seeks to obtain sensitive data from the victim, such as usernames, passwords, credit card details, etc. There are many ways to carry out this scam, but the main entry vector is the use of emails or text messages that appear to come from trusted sources and contain malware attachments or links to fraudulent websites.
- DDoS: distributed denial of service attacks occur when a website is flooded by an avalanche of traffic in a short period of time, causing it to crash. In most cases these attacks come from external actors; however, there has been an increase in DDoS attacks from students who are purchasing them as an online service in order to skip a class or exam.
- BYOD (bring your own device): personal devices are much more prone to malware, as they access websites that do not necessarily offer the right level of security. Moreover, IT staff at educational centers have no visibility or assurance that malware has not been downloaded onto these devices.
- Doxing and cyberbullying: in this form of online harassment an individual’s private information is disseminated without their consent, allowing them to be identified and exposing their personal life and compromising their safety, with the intention of defaming them or causing harm of some kind.
- Domain spoofing: a type of phishing attack in which hackers register web domains using names similar to those of legitimate websites in order to appear trustworthy and thus deceive users through a scam.
- End-of-life software: this is the use of outdated software or computing devices that no longer receive the necessary patches, updates and maintenance making them more susceptible to vulnerabilities.
Ransomware, a growing risk
Ransomware is the main cyberthreat in the education sector. In recent years these attacks have increased significantly and, according to data from Statista, educational institutions received 14.34% of ransomware attacks in 2021 globally. Likewise, according to the Multi-State Information Sharing and Analysis Center (MS-ISAC), in 2020 57% of ransomware incidents between August and September affected K-12 schools in the United States. Similarly, the UK's National Cyber Security Center (NCSC) has had to issue numerous warnings about ransomware attacks after several were reported. In one instance, these threats forced a school to postpone its reopening.
How can the education sector protect itself?
- Prioritize training of key players: Educating teachers, administrators and students about social engineering attacks, as well as introducing security concepts through training programs can help create safe practices when accessing computers, systems and login credentials.
- Filter content: Implementing content filtering through hardware appliances or software-as-a-service (SaaS) can help block websites, emails or files that cause vulnerabilities and incidents, as well as supporting regulatory compliance.
- Monitor access: use visibility tools that track and expose threats and identify the behavior of users who contribute to a compromised network.
- Protect access with MFA: passwords can be easily compromised, so educational institutions should establish multi-factor authentication (MFA) in conjunction with any BYOD program.
- Use a secure Wi-Fi network: Cloud-managed Wi-Fi solutions enable optimized performance, visibility, and reporting.
- Enable secure video conferencing: secure video conferencing requires controlling access, securing connectivity, protecting files and screen sharing, and using up-to-date versions of video applications.
- Conduct a security assessment: review which threats weigh on assets, identify vulnerabilities (how damage can occur) and the consequences they may entail.
- Segment the network: in unsegmented networks, all computers can communicate with each other, increasing the chances of network congestion. Segmentation divides the school network into smaller networks, or "clusters", which will help them operate more quickly and efficiently.
The new hybrid learning dynamics require comprehensive protection of the digital educational environment. To achieve this, IT managers need to achieve unified security that allows them to address all the institution's cybersecurity needs and simplifies their job. A unified solution provides multi-factor authentication and network security that are essential for users and devices. Moreover, it can cut down network administration time by automating processes that eliminate threats and do more with less. It also provides clarity and control, with centralized security offering visibility that is difficult to achieve by maintaining isolated solutions.
In the eBook Enabling Secure Hybrid Learning in Schools and Libraries, we take an in-depth look at the current state of information security in the education sector, as well as outlining the best strategies for securing distance learning.