In early March, 15 schools in the United Kingdom reported they were made incapable of delivering online learning for students after a cyberattack forced the education trust to shut down all systems to investigate whether the cybercriminals accessed the central network infrastructure. The increased reliance on e-learning has made schools around the world an even bigger target of opportunity than before. If the technology is taken down, education can come to a complete halt. Add to this the wide prevalence of bring your own device programs for e-learning and the access from insecure home networks, and you have a perfect storm for the sector and a huge target for criminals.
The problem has become so severe that the NCSC recently issued an alert to the UK Education sector after seeing a spike in targeting the sector, underlining the fact that threat actors are going after the education industry specifically, as well as it being the target of opportunity.
Schools already have challenges giving enough resources to cyber security in both funding and staff. The NCSC guidance underlines the importance of doing the basics, but that further recommends a defense in depth strategy. This obviously comes with a financial cost. It really is unacceptable that threat actors are targeting children’s education, and that funds must be diverted from front line-learning activities into preventing criminal elements from plying their trade.
Educational institutions also typically hold massive quantities of personal data on students, alumni, and parents, as well as teachers. This presents a treasure trove for an attacker, as seen in the Blackbaud attack back in July 2020. This kind of data may be used for further phishing campaigns using the name of the educational institute and some valid data to lend credibility.
In a recent report released by the K12 Security Information Exchange and the K-12 Cybersecurity Resource Center, cyberattacks on school districts increased by 18 percent in 2020, with a total of 408 disclosed cyberattacks. According to the Center, this is the highest number of attacks seen on the education industry ever. As students and teachers continue in-person and remote learning, this will not be the end of cyberattacks that bring education to a complete stop. To ensure students can continue to learn, there are ways to prevent schools from being targets for bad actors.
Educational institutions should follow the NCSC’s advice to do the basics: patch aggressively, ensure antivirus software is enabled and updated, and, critically, ensure that data is backed up and restoration of that data has been tested.
Looking at the current landscape, schools should not wait for a cyberattack to occur before acting. Schools must implement mandatory awareness training for all staff to reinforce how to respond and react to a suspected attack of any type. This should not just stop at faculty and staff; students should also receive training to ensure they know to flag suspicious activity. Additionally, schools need to develop an incident response plan to ensure they are prepared to defend against a cyberattack and continue schooling without interruption.
It is essential for the education industry to create a solid foundation by investing in technologies, security solutions, and processes that formalize their ability to detect cyberattacks as early as possible. These technologies can help institutions protect themselves by supplying important context into abnormal behaviors, flagging known indicators of compromise, and accelerating threat detection and response. Prevention is an important first step, but detection and response are vital because no prevention technology is perfect, and cybercriminals do not stick to one method of attack.
At the beginning of the COVID-19 pandemic, it is likely that in the rush to enable remote learning schools made some compromises to cybersecurity. Solutions that were deployed to support new ways of learning in the pandemic should be proactively reviewed to ensure any compromises that were made are at the very least understood and risk managed.
This incident is a reminder that it is time for a conversation about how cybersecurity for the education sector should be funded. Cybersecurity is not just a concern for large companies and should be appropriately funded at the state and local government level to ensure that our children can learn without disruption.
The attack against the 15 UK schools, along with so many others we have seen throughout the last year, serve as a reminder that no one is immune, and cybersecurity is not just an issue for large enterprises – it is an issue for every organization. The education industry must take a proactive approach so that students can continue to learn from home without interruption, and that their data and that of staff and parents is kept secure.
- 5 ways online coding programs prep students for success - October 4, 2024
- Pandemic-related science losses hit underrepresented groups harder - October 3, 2024
- A surefire way to make science relevant to kids - October 2, 2024