Cyberattacks on schools and academia in general are on the rise again. According to Check Point Software, weekly attacks against education organizations increased 30% quarter over quarter last year, compared to a 6.5% increase across other US sectors.
Hackers are homing in on soft targets, and some of the hackers are coming from inside. In September 2020, a Florida teen launched “a series of DDoS attacks that helped shut down one of the nation’s largest school districts for its first three days of virtual classes.” The student’s methods weren’t novel or sophisticated. He used a decades-old, open-source tool that even minimum-security firewalls can detect to take down the entire school district for several days. If this doesn’t prove how vulnerable the system is, nothing will.
In his Forbes article “Cybersecurity And The Remote Classroom,” Emil Sayegh notes that although a “foundation of technologies with features that include cloud, video, conferencing, and collaboration make distant classroom situations achievable,” these all come with challenging security issues. Sayegh also points out that schools are required by law to ensure a student’s personal information is secure. Just like businesses, which spend small fortunes to protect their customer databases, schools have a fiduciary responsibility to protect each student’s privacy.
Schools became perfect targets for hackers when they were forced to go virtual almost overnight once COVID struck. They also have limited funding in the best of times. President Biden’s new $1.9 trillion COVID relief bill has earmarked billions of dollars for school upgrades, but it will take time for that money to reach local school districts while cyberattacks just keep coming.
In one sense, COVID couldn’t have happened at a better time. The tech revolution had been going on for close to fifty years by the time the pandemic hit. Smartphones give users access to videos and apps that can simplify learning. Tools like Edmodo, Socrative, Projeqt, Thinglink, TED-Ed, CK-12, ClassDojo, eduClipper, Storybird, and Animoto are education platforms that were already accessible before COVID struck but saw a considerable uptick in users once education-from-home became the new normal. One of last year’s stock darlings, Zoom, saw its usage explode during the pandemic. Even broadcasters like PBS stepped in to fill the void with tailored educational programming. All of this access, however, is a security nightmare for schools and their notoriously underfunded IT departments.
The Best Defense Is a Good Offense
In “The Next Normal: The recovery will be digital,” McKinsey recommends that schools do the following to mitigate cybersecurity risks:
- Accelerate patching for critical systems.
- Require multifactor authentication for employees working remotely.
- Account for what’s known as “shadow IT”: IT systems set up and administered by employees without the formal approval or support of the school’s IT department.
- Quicken device virtualization.
- Communicate creatively.
- Focus on what to do rather than what not to do and educate widely.
- Increase awareness amongst employees and students about the latest malware, phishing, man-in-the-middle, and DNS tunneling attacks.
- Identify and monitor high-risk user groups.
According to McKinsey, COVID-19–themed phishing, vishing (voice phishing), and smishing (text phishing) attacks have increased, while standard cyberattacks haven’t lessened.
In his TechRepublic article “Cyberattacks against schools are on the rise,” Lance Whitney says security professionals need to reduce the attack surface area. Any data should be encrypted, especially when it’s in use. Endpoint security compliance should include full control of peripherals, applications, network traffic, and, most importantly, data.
An ounce of prevention is better than a server full of pain, so blocking known viruses and malware is the first order of business. Setting up a perimeter with boundary firewalls and internet gateways is a close second, Whitney states. Make sure your anti-malware software is constantly up to date, as new viruses are always appearing and finding new ways to attack. Protect endpoints with anti-malware software that prevents known and unknown attacks. To thwart exploits, use anti-exploit technology to prevent drive-by attacks and protect your individual applications, Whitney argues. Finally, you can inhibit user mistakes by implementing zero-phishing technology that blocks phishing sites, prevents credential reuse, and detects compromised passwords, says Whitney.
“Use runtime protection,” advises Whitney, adding, “Anti-ransomware technology allows you to detect signs of ransomware and uncover running mutations of known and unknown malware families by using behavioral analysis and generic rules.”
Containment and remediation come next, says Whitney. Once machines are infected, they must be isolated and sterilized, with files quarantined and processes killed. These steps lead to the final imperative: understand and respond. Users must quickly triage events, understand the scope and scale of the events leading up to the hack and “immunize other surfaces by sharing Indicator of Compromise (IoC) and Indicator of Attack (IoA) information.”
Third-party providers can often be the weak link in a security chain, as the recent SolarWinds hack proved. Schools should thoroughly vet all third-party platform consultants and providers.
Overall, cybersecurity should be viewed as a 24/7, 365-days-a-year process. Systems should be continuously analyzed for unusual activity, and cybersecurity education of both students and staff is essential. Users should only click on links from trusted sources, and logging into accounts should be done directly rather than through email links. Confidential information should never be shared via online tools. These recommendations seem like common sense, but so often people drop their guard and click on an attachment that seems interesting, momentarily unaware they will be reaping a whirlwind of cybersecurity pain.
There are new tools and technologies from computer companies like HP that can help contain and eliminate these kinds of attacks. HP’s Sure Suite in particular is changing the security game by creating a hardware-enforced security system that sits on the motherboard and can’t be thwarted by software attacks. Sure Suite can identify potential security threats in real time, for example when a user clicks on an attachment, and automatically isolate the link in a virtual machine to allow the user access while analyzing any attempts to access or attack the computer.
Sure Suite goes beyond perimeter network security by protecting individual endpoints. What’s more, if one machine with Sure Suite on your network is attacked, it will automatically notify an admin and take steps to inoculate other machines on the network to prevent the spread of attack.
Virtucom provides cybersecurity services to K12 schools to help address the growing cybersecurity threat.