While the DoS attack didn’t result in the theft of information, it highlights that school district IT departments generally have a reactive posture to security. Sure, they have firewalls and access controls to prevent an attacker from breaching the network.
But so did Target, JP Morgan Chase, and Anthem—major companies that have also dealt with compromised data. The difference is that those firms also have big security operations teams that school districts don’t have. Like the title of Marshall Goldsmith’s book “What Got You Here Won’t Get You There,” firewalls and intrusion prevention systems and other prevention-based security systems are what got us here.
When a network is breached, the IT staff is usually informed by a third party that their key assets – the health information, personal details, and financial data – have been found in the wild and they are relegated to reviewing logs to recreate the crime.
There is good news: the technology that will improve network security for school districts is data science—basically the analytics and big data that schools are already using for educational purposes. Data science enables a security system to look at internal network traffic and identify an active cyber attack so it can be stopped while it’s happening and before any data is stolen.
For school districts, the best thing about data science is that it protects without prying. Data science works by looking at metadata rather than the data itself. In this case, data science is applied to the metadata of network packets. Those packets can contain PHI, PII and financial data, but the security system will not read it.
Choose the headline you prefer: “Students’ personal information stolen” or “Cyber attack stopped, student information secure.” Relying on prevention security alone results in the former and data science helps ensure the latter.
Jerish Papapurath is a security analyst at Vectra Networks.