From education to employment

EdTech Security: Why Education needs to go back to school on escalating cyber risk

Roel Decneut, CMO at Lansweeper

The UK education sector has been no exception to the digital revolution transforming businesses and organisations across the world.

Lockdown measures and mandatory closures in 2020 led to surprising but explosive growth in the UK education technology sector of more than 70%, with further growth forecast this year amid Spring Term school closures.

Everything from laptops and mobile devices to interactive touchscreens and even virtual reality are becoming commonplace in nurseries, schools, colleges and universities, while downloads of educational apps have risen by 130% over the past year.

The sudden transition from physical classrooms to distance learning during the pandemic has accelerated this trend, but it has also shone a light on the growing risk of unsecured technology on students, faculty and staff.

The growing cyber risk in Education

Digital technologies have helped empower students and teachers with access to advanced learning programs, material and resources, instrumental in the continuation of education despite widespread disruption hitting schools.

Even as students began to return to in-person learning, educators’ increasing dependency on digital resources has required staff to maintain strict control and oversight of an ever-growing IT estate.

The growing number and importance of IT devices represents a significant challenge for educational institutions. As schools continue to adopt digital technologies to augment their educational programs, the target range for cyber attacks only increases.

The UK Government’s National Cyber Security Centre warned of further ransomware attacks on the national education sector by cyber criminals as recent as June 2021.

In March 2021, a ransomware attack on 50 schools in and around London in March 2021 left 37,000 pupils unable to access emails, and there have been numerous attempts on other education organisations in recent months.

While these seem like extreme examples, such attacks are not uncommon any more.

In addition to ransomware, DDoS attacks, disruption and harassment on video-conferencing sessions, doxing and malware attacks are plaguing schools, putting sensitive data they maintain at risk, and impacting resource performance and availability.

The pandemic has intensified the need to track and maintain an expanding array of IT devices. When distanced learning became mandatory, district-issued devices rapidly made their way into the homes of faculty and students, often without the necessary protections in place.

Not only are there many more devices to track, those devices are connecting to the network via unsecured home networks, which may also be tethered to various IoT devices and other connected personal computers and devices that serve as gateways for cybercrime.

Lack of insight costing institutions financially

Not only are Educational IT departments often in the dark about outdated operating systems that open up vulnerabilities on servers and end-user devices, they’re also struggling to keep tabs of software licensing and users.

According to License Dashboard, 22% of higher education institutions operate with no official software asset management strategy in place, while 42% of IT decision makers at educational institutions say software asset management helped avoid unexpected costs associated with purchasing further licenses or paying noncompliance fines.

Without this insight, educational institutions are missing out on opportunities to optimise software and hardware contracts and agreements, or take advantage of potential discounts.

An incomplete, inaccurate inventory of the IT estate may also result in hardware assets sitting idle or at half capacity, leading to unnecessary energy costs.

Knowing how many devices have been distributed, who is using them and how many are still available for distribution is critical information to have on-hand, as districts continue to supply students with computers to support distance learning.

School and College IT teams need a helping hand

But manually tracking systems is slow, unreliable, prone to human error and leads to higher operational overheads. Without accurate, up-to-date data, decision-making is inefficient, which makes it difficult to meet the evolving needs of students, faculty and staff and impact the quality of education.

IT and system administrators at educational institutions must do away with traditional manual, siloed approaches to managing the IT estate, instead taking steps to create a single system of record that contains all the data necessary to manage the growing list of software and hardware assets.

Automation is helping education organisations scan entire networks in seconds and provide full visibility into their growing and ever-changing IT environments. It also eliminates inaccurate paper-based asset tracking and reduces the high operational overhead of maintaining a diverse IT infrastructure.

With access to a complete, up-to-date asset inventory, IT teams can more easily assess security threats and vulnerabilities, take steps to mitigate risk and provide cost optimisations to reinvest budgets elsewhere to optimise teaching and class engagement.

Roel Decneut, CMO at Lansweeper

Related Articles