With tight budgets and competing priorities, cybersecurity is often put on the back burner within the education sector. While many in the industry acknowledge that cybersecurity risks exist, few recognize the extent of the potential consequences, so they allocate their limited resources toward other efforts.
Unfortunately, educational institutions can no longer afford to deprioritize cybersecurity. Since 2016, there have been more than 1,100 cyber incidents in K-12 schools alone. During the 2020 calendar year, cyberattacks against school districts increased by 18%. According to “The State of K-12 Cybersecurity: 2020 a Year in Review,” a report by K12 Security Information Exchange and the K-12 Cybersecurity Resource Center, “Many of these incidents were significant: resulting in school closures, millions of dollars of stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud.”
The potential for both economic and educational ramifications associated with cyberattacks necessitates an increased focus on cybersecurity within the education sector.
The goals of hacks within the education sector vary.
Data theft is one of the most common objectives. The information obtained may be either sold or used to extort an organization. Schools usually have a wealth of data to attract hackers, including personally identifiable information (PII) and financial details of students, families, and staff; educational records, including grades and evaluations; and enterprise data, such as schedules, staffing, vendors, strategies, fundraising information, and more.
Another potential goal of an attack against the education sector is to cause disruption. For amateur hackers looking to get a day off from school, this may be an appealing option.
Higher education institutions may also be targets of espionage-related cybersecurity incidents. They are at additional risk due to the information they house for research purposes. In 2019, hackers believed to be affiliated with China targeted 27 institutions, including the Massachusetts Institute of Technology, Pennsylvania State University, and Duke University. Any university with a substantial research program may be subject to similar attack attempts.
Several aspects contribute to the unique cybersecurity landscape within the education sector and drive the need for enhanced prevention, detection, and response procedures.
While remote learning has existed for years, the novel coronavirus (COVID-19) pandemic made it commonplace. With more classrooms moving entirely online, cybersecurity risks increased.
On April 1, 2020, the FBI issued a public service announcement warning of cyber actors looking to take advantage of vulnerabilities in virtual environments, including those used for education. The warning also noted the potential for exploitation of education technology (EdTech) platforms. To combat this, the FBI suggested reading user agreements, monitoring children’s use of platforms, researching EdTech cyber breaches, and other preventive measures.
While it tends to be less costly than other types of attacks, classroom “Zoombombing” has garnered increasing attention. So-called “Zoombombers” enter virtual classrooms and disrupt the session with racial slurs, pornographic images, threats, and other lewd behavior.
In a classroom setting, students and teachers are often allowed to bring in personal devices and connect them to the school network. This creates innumerable opportunities for an infected device to spread malware across the network to others.
This bring-your-own-device (BYOD) culture leads to greater security challenges. Ensuring each device has adequate protections in place is impractical, if not impossible, given the large number of potential users. Therefore, a robust cybersecurity program is essential to detect and mitigate incidents.
School budgets are typically tight, so while a network may have thousands of users, oversight of security efforts could fall on just one staff member. Educational institutions generally can’t afford as comprehensive a cybersecurity program as major corporations, and hackers know it. This makes schools easy targets.
In recent years, there have been countless attacks against the education sector. Notable examples include:
Since no protective measures can shield against 100% of attacks, rapid detection and mitigation are critical. Cybersafe Solutions can equip your school with 24/7/365 cybersecurity monitoring by a team of experts for a fraction of the cost of hiring just one employee. While your budget may be limited, you don’t need to put your systems at risk. Contact us today to learn more.