As we enter a new school year, among the myriad things that instructors and administrators need to be concerned about, ransomware remains high on the list. According to the K-12 Security Information Exchange, there were 166 publicly disclosed cyber incidents affecting 162 school districts across 38 states during the 2021 calendar year.
The rise of remote learning and the use of more devices comes with a price – more endpoints mean more opportunities for potential exploitation. This isn’t a new refrain, but we continue to see challenges facing endpoint security. Cyberattacks against schools can result in closures, not to mention high and unbudgeted remediation and recovery costs.
School districts are already grappling with one of the hardest missions out there – educating our youth – and having to worry about a potential data breach can’t take away from this. Fortunately, in this situation, knowledge is power. Understanding the potential risks that your endpoints face is key to knowing what needs to happen to mitigate these risks and keep your information and systems safe.
A proliferation of endpoints
Any device or application connected to your network is an endpoint. And the more technologically connected school districts become, the more endpoints there are. Even prior to the COVID-19 pandemic, the number of easily exploited endpoint devices connected to the networks was rapidly growing. Since then, the number has continued to increase as districts enabled remote learning and work options.
Do your teachers have tablet computers or iPads they use in the classroom and sometimes take off-site? Those are endpoints. Does your district allow teachers and staff to connect to the network using their personal devices? More endpoints.
One of the greatest threats to any network is endpoints that aren’t within the control of the network, such as when teachers take their mobile devices home or when district staff connect external drives and personal devices to a district’s network. Anytime a device connects to the network but isn’t securely and permanently attached to it, it introduces the risk that the device could bring an attack into the network.
Exploit trends show endpoints are still irresistible targets
Endpoints remain key vectors of attack as adversaries continue to target the growing attack surface. Many exploits of vulnerabilities at the endpoint involved unauthorized users gaining access to a system with the goal of using lateral movement to get deeper into the networks.
Vulnerability management and remediation are some of the most challenging problems for any organization to tackle, and multiple solutions, watchlists and warnings are specifically designed to help companies, organizations and end-users patch their software against known security vulnerabilities. However, even with the tools available and IT teams forewarned with up-to-date information, patching doesn’t always happen in a timely manner, if at all. IT teams at school districts are often grappling with outdated software, overburdened IT professionals and understaffed teams, which all exacerbate the challenge. And unfortunately, threat actors know this.
Researchers looked at endpoint vulnerabilities for the first half of 2022 by volume and detections. What they found is a relentless pattern of cyber criminals attempting to gain access by exploiting both old and new vulnerabilities. In fact, some of those vulnerabilities are almost five years old and they are still being exploited. For instance, the vulnerability tracked as CVE-2017-0199, which impacts certain Microsoft solutions, continues to be exploited even though official patches have been available for quite some time.
Patching the problems
Patching is not fun work. It’s often mundane and tedious, but extremely important to do. Being late, inconsistent, or sloppy in applying patches presents an opening to threat actors seeking an exploitable foothold.
What’s also needed is advanced endpoint technology, which can help mitigate and effectively remediate infected devices at an early stage of an attack. An endpoint detection and response solution should provide:
- Secure remote access and remote web filtering: This allows students and staff to gain access to district resources without compromising network security.
- Enhanced endpoint visibility and resilience: Complete visibility over all endpoint devices connected to the district or school’s network is essential for IT teams and will help them ensure each of these devices is resilient against potential threats.
- Improved threat protection: Ransomware and other cyber-attacks aren’t going away, so IT teams must take proactive steps to ensure resources stay protected and schools can continue to operate effectively, whether remotely or in-person.
Improved security helps keep focus on education
There’s no getting around it: teachers and administrators have a really challenging job to do. Budgets are often limited, they’re dealing with a constant array of curriculum changes and staffing shortages, and the COVID-19 pandemic hit schools especially hard. The last thing schools need to be worried about is cybersecurity incidents that can further take time away from educating students. Ensuring your district is using best-of-breed endpoint security solutions will go a long way in keeping your networks safe and protected.