Firewalls alone may not be enough to stop cyber attacks. For that, there’s data science

Recently, KTVB evening news reported a denial-of-service (DoS) attack that had been occurring on and off for over a week on the Internet connection of Idaho’s largest school district.

It’s yet another example of a school district IT department having to wade through piles of system logs to find that the potential root cause was a student who hired someone to perpetrate the attack. The news report closed with the disclaimer that, “these attacks didn’t breach the network, so no student information was accessed.”

The question is, when a network is breached, do school systems really have the tools they need to prevent data loss?

It’s about more than just grades. This is about personal health information (PHI), family health history, personally identifiable information (PII) and very likely financial data.

Public and private school districts are a treasure trove of information that cyber attackers can use to quickly target students’ families. Ask your local PTA how many people work in the IT department. Then ask how many have strong security expertise or a certification like CISSP.

While the DoS attack didn’t result in the theft of information, it highlights that school district IT departments generally have a reactive posture to security. Sure, they have firewalls and access controls to prevent an attacker from breaching the network.

But so did Target, JP Morgan Chase, and Anthem—major companies that have also dealt with compromised data. The difference is that those firms also have big security operations teams that school districts don’t have. Like the title of Marshall Goldsmith’s book “What Got You Here Won’t Get You There,” firewalls and intrusion prevention systems and other prevention-based security systems are what got us here.

When a network is breached, the IT staff is usually informed by a third party that their key assets – the health information, personal details, and financial data – have been found in the wild, and the staff is relegated to reviewing logs to recreate the crime.

There is good news: the technology that will improve network security for school districts is data science—basically the analytics and big data schools are already using for educational purposes. Data science enables a security system to look at internal network traffic and identify an active cyber attack so it can be stopped while it’s happening and before any data is stolen.

For school districts, the best thing about data science is that it protects without prying. Data science works by looking at metadata rather than the data itself. In this case, data science is applied to the metadata of network packets. Those packets can contain PHI, PII and financial data, but the security system will not read it.

Choose the headline you prefer: “Students’ personal information stolen” or “Cyber attack stopped, student information secure.” Relying on prevention security alone results in the former and data science helps ensure the latter.

Jerish Papapurath is a security analyst at Vectra Networks.