From education to employment

How can the education sector protect against the top three cybersecurity challenges in 2022?

Matt Aldridge, Principal Solutions Consultant, Carbonite + Webroot

The recent pandemic has caused significant changes to everyday working life and the way individuals conduct their lives in general. The rise of hybrid working and work from home (WFH), in particular, has led to many challenges for security administrators.

Similarly, the growth in remote learning has increased risk across educational networks. Schools, universities and research centres make for attractive targets to cybercriminals because they are often under-resourced from a security perspective. In fact,  recent data shows a 93% increase in cyberattacks targeting the UK’s education sector. 

We’ve seen a spike in attacks since educational institutions were forced to set up their systems remotely due to the pandemic. With precious data often saved on individual students’ laptops/desktops and institutional servers, challenges around monitoring access related to personal devices – and backing up this data – caused complications for IT departments.

This is unfortunately a trend which will only continue, especially with new hybrid working platforms coming into force. As a result of cybercriminals looking to cash in on these vulnerabilities, educational institutions will need to improve their security posture to defend against this broader attack surface in 2022.

The scams to look out for

One of the biggest threats facing the education industry is business email compromise (BEC) scams.  These attacks involve scamming unsuspecting users for money when a malicious actor sends carefully targeted spear-phishing emails from what appears to be a trusted person. According to research in the US from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange, schools and colleges are more than twice as likely to get hit with a BEC scam than companies outside of the education industry. 

Similarly, ransomware, along with BEC attacks, remain a threat for educational institutions. Schools are particularly vulnerable to ransomware due to security weaknesses and because attackers can target particularly sensitive time periods for educational institutions, for example during examinations or registration periods.

NCSC and other security groups keep issuing alerts about the recent surge of ransomware attacks in the sector, which unfortunately echo similar warnings from the past – the cost of ransom is steep. The average ransom demanded is over £120,000 ($170,000). According to our research, the actual price of ransomware is far greater. This figure doesn’t include damages to operations, reputation, insurance, or the cost of defensive measures.

To hackers, schools are valuable because of the data they can provide beyond student grades, including student and staff confidential information, staff and organisational bank account details, and other personally identifiable information – making educational institutions the third most frequent target of hackers behind healthcare and financial services. Personal data is readily traded and visible on marketplaces within the dark web. Therefore, data loss from theft is a frequent occurrence for schools and in many cases this sadly goes undetected until it is too late.

The challenges in protecting education from cybercriminals

Considering that a lot of learning takes place online, severe attacks can halt the learning process for students. In March 2021, numerous schools within the Nottinghamshire district had to shut down their information technology infrastructures because of a sophisticated cyberattack.

This further highlights that it is not uncommon for school administrators or teachers to make technology purchases without the consent or even knowledge of the institution’s technology department. In these cases, equipment and software are purchased with little to no consideration of the potential cybersecurity risks. A single college or school campus might contain many different sub-organisations, such as offices or departments which can increase a school’s susceptibility to attacks.

Attackers frequently target an organisation’s networks through remote access systems, such as remote desktop protocol (RDP) and virtual private networks (VPN). The use of unsecured RDP has grown exponentially as more administrators work from remote locations.

Cyber safety tips for institutions to stay safe in the year ahead 

BEC scams often attack schools and colleges by breaching or impersonating senior staff. Therefore, it is crucial to provide staff training to defend against phishing attacks and business email compromise.  Any process for release of funds or sensitive data should have multiple safeguards in place.

IT administrators and service providers are responsible for providing sound procedures, proper training, monitoring, and compliance. In the most challenging BYOD (bring your own device) environments, the first step should be monitoring and observing work practices before security guidelines are laid down, including asking questions like:

  • What video communication tool should be used for remote teaching?
  • What file extensions should be allowed?
  • Can files only be sent by email (which probably has file scanning) or by a mobile chat app?

It is important to implement a cyber-resilience strategy prescribing multi-layered defences. This should offer strong protection layered with AV, firewalls, email filtering, intrusion detection and DNS protection, along with mandating two-factor authentication (2FA) wherever possible. 

One of the most important strategies is to keep multiple backups of critical institutional data. Cybercriminals can’t be trusted to restore access to data even after a ransom is paid, so take charge of this crucial requirement for recovery. The day a breach occurs is not the time to discover whether your disaster recovery plan was well designed. Instead, simulate a worst-case scenario ahead of time and see if any gaps emerge. Closing those gaps as soon as possible is an actionable step that educational facilities can take to protect themselves and their users.

Creating awareness and understanding exposure to threats can help address many cybersecurity challenges – it is important to invest in security training for all. Emerging cybersecurity technologies, mitigation tools, and strategies can help limit the exploding trend of ransomware and BEC attacks in educational institutions and bolster cybersecurity throughout the coming year.

Matt Aldridge, Principal Solutions Consultant, Carbonite Webroot

Related Articles