The education sector has had to rapidly adopt and scale new technologies to enable remote and hybrid learning as a result of the pandemic. This has created an expanded threat landscape, and malicious actors have taken this opportunity to target academic institutions to an even greater extent.
In mid-March, the FBI issued a warning about an increase in specific ransomware targeting education institutions in 12 U.S. states and the United Kingdom. This alert follows a steady wave of cyberthreats facing educational institutions in recent months. We first saw a spike when remote learning kicked off last fall.
Education leaders must take a proactive stance to mitigate risk. Remote school, and the hybrid approach many districts have switched to in recent months, have placed new challenges for network security that cannot be ignored. Cybersecurity posture must be baked into educational IT infrastructure in this ever-evolving threat landscape.
Technology shifts create security gaps
Due to the pandemic, academic institutions had to deal with a whole new set of challenges last year. K-12 schools and colleges alike had to rapidly transition to remote, socially distanced in-person, or hybrid learning. For many, this meant quickly building up IT infrastructures that enabled students to engage in learning from home, faculty to teach from their kitchen tables, and staff to access the work network remotely.
The threat landscape became larger and more complicated due to the large-scale increase in network and technology usage, as well as the sheer number of individuals accessing those networks from often-inadequately secured home internet connections and devices. Bad actors were quick to seize on opportunities – they used phishing attacks to try to capitalize on the uncertainty of the pandemic and attempts to exploit new vulnerabilities. In fact, the K-12 Cybersecurity Resource Center found that cyber incidents aimed at schools increased by 18 percent in 2020.
Closing every potential gap on such a short time scale was challenging even to those institutions that prioritized cybersecurity during this transition. Consequently, many now find themselves with patchwork security solutions that may contain unidentified gaps. But moving forward in 2021, it is time to reflect on potential threats and make efforts to fortify and expand existing security measures.
Top threats to the education sector
Security is paramount as the near future at least holds yet more hybrid and remote learning, as well as transitions between these learning modes. Bad actors continue to search for exploits, and cybersecurity professionals in the educational sector must act swiftly to stay ahead.
Some of the most significant cybersecurity trends from the second half of 2020 are evident in the latest Global Threat Landscape Report. Based on that report, those in academia should particularly be aware of the following threats in 2021:
- Ransomware: As Ransomware-as-a-Service (RaaS) continues its evolution, academic institutions must guard against demands made by cybercriminals who threaten to disclose sensitive student data. Ransomware activity jumped 7x in the last half of 2020 alone.
- Malware: A top attack target continues to be Microsoft platforms, leveraging the documents most people use and consume during a typical workday. Web browsers are another battlefront. Common document formats such as PDF and RTF are also prime targets.
- CMS and IoT threats: Institutions should look out for vulnerabilities in Internet of Things (IoT) devices and content management systems (CMS), as nine of the top 10 exploits target these categories. Vulnerable learning content management systems can make soft targets for easy access into enterprise environments. Attackers are also seeking to subvert the less-than-enterprise-grade security inherent to many IoT devices used in home networks.
- Phishing attacks: One vector that became particularly prevalent due to the remote learning and work-from-home trends is malware-laden phishing attacks that inject code or redirect users to malicious sites.
The transition to remote and hybrid school accelerated the growth of edge environments, which remain ripe targets for exploitation. That said, this trend has also encouraged a move to in-depth security monitoring and enforcement to every edge device, perhaps spelling the end of inherent trust-based security as we know it.
Budget and resource limitations mean the education sector faces more challenges than other sectors. Such resources may be even tighter in 2021, meaning these institutions must do more with less. Approaches to reducing attack surface and complexity, therefore, should be made from an efficiency standpoint. Yet, if government programs and funding spike, this will also drive increased cybercriminal activity as they “follow the money” with some of these programs.
Academic institutions should take advantage of cloud and SaaS solutions as they strengthen weaknesses in their remote access solutions and work toward protecting endpoints. Attempts to consolidate visibility and administration tasks across both cloud and on-premises environments can help create a security infrastructure better equipped for efficient management.
Strengthening and expanding cybersecurity solutions
Many initial security solutions put in place by academic institutions may be incomplete or contain holes because the move to online and hybrid educational environments was rolled out so quickly, resulting from cobbled-together strategies. At the same time, this new environment is prime for cyberattacks, more so than previous on-premises environments that were better planned for and contain inherently fewer vulnerabilities.
Malicious actors never let go of a bone once they’ve found it. Accordingly, educational institutions must take the time to better fortify and expand their current cybersecurity solutions now that the initial chaos caused by the transition has subsided. Best practices for securing expanded edge networks in the education sector include:
- Zero Trust Access (ZTA): A zero-trust approach providing only the necessary level of access privileges is the best way to protect networks and applications.
- Network segmentation: To minimize the impact of potential breaches, all internet-facing applications should be segmented away from the rest of the network.
- Multi-Factor Authentication (MFA): By requiring additional authentication during an attempted login, this strategy helps protect users from the misuse of stolen credentials.
- Web application security: Setting up web application firewalls (WAFs) defends against phishing attacks and DDoS attacks that can cause your site to become unavailable.
- User education: The human element is often the weakest link in network security. Advise students, faculty, and staff alike to use strong passwords and exercise caution when using public Wi-Fi, and teach them how to spot social engineering attacks.
- Browser security: To protect against web-based malware, use a cloud-based web security gateway.
These institutions can ensure a robust digital infrastructure that is able to withstand new and evolving cyberthreats by expanding on the solutions put in place early in the pandemic.
Focus on prevention
It costs much less and requires much less effort to prevent attacks than it does to repair the damage of a successful breach. The education sector is under continued, heavy attack, and because its weaknesses are well known, that’s not likely to change soon. Consider the above recommendations to create or fortify a security strategy that will save scarce funds as well as protect critical data.