
Securing the Classroom: Cyber Threats Facing Education


Kory explores the unique cybersecurity risks faced by educational institutions, such as ransomware attacks and phishing, highlights the sensitive data at stake, and offers best practices for bolstering defenses, including regular training, vendor assessments, data encryption, and partnering with cybersecurity experts.

With the recent string of cyber-attacks on universities, the education sector is a prime target for cybercriminals. As institutions deal with the aftermath of these attacks, addressing key risk factors such as out-of-date IT systems and fortifying their cybersecurity defences have emerged as urgent priorities.

There are unique factors in educational institutions that make them more attractive to cyber criminals. With sensitive data like students’ personal records or intellectual property at stake, cybersecurity needs to be top of mind for educational institutions across the board.

In this article, we’ll delve into the unique risk factors facing the education sector when it comes to cyber threats as well as the mitigation tactics that institutions can employ to defend against said threats.

The unique vulnerabilities of educational institutions

As educational institutions embrace digital learning, they inadvertently expose more of their schools or institutions to cyber criminals. Trustwave SpiderLabs’ recent report highlights critical vulnerabilities, such as the exposure of systems (including public file servers, printers, collaboration systems, and systems storing sensitive data) to a wide range of cyber threats.

Additionally, Trustwave SpiderLabs found instances of vulnerable devices, such as publicly accessible conferencing systems and collaboration tools, which could lead to unauthorised access and data breaches.

Another crucial aspect of why educational institutions are attractive to cyber criminals is the sensitive nature of the data that they hold. We know from previous research that the more sensitive the information, the more attractive it is to cybercriminals. Schools, colleges, and universities hold troves of sensitive data, putting them at high risk for cyber-attacks. Primary and secondary schools possess personal data about minors, including names, addresses, academic records, and more. In contrast, colleges and universities house intellectual property such as research and inventions, in addition to personal data.

Educators are becoming increasingly reliant on external service vendors such as software-as-a-service, hosting providers, cloud storage solutions, and IT services for diverse functions. These third-party partners present a significant threat to the education sector due to potential unidentified vulnerabilities in their cybersecurity measures. As is often the case, the third-party partners don’t work hands-on with sensitive data and therefore don’t see the importance of stringent cybersecurity measures.

In these instances, bad actors will always target those with weaker defence systems to gain access to another party, such as a university or school.

Breaches to these external platforms impact not only targeted institutions but also risk having a ripple effect across numerous other educational entities.

Bad actors often use various methods to continuously target educational institutions. While the technical aspects of these attacks may change over time, the underlying tactics remain consistent.

These underlying tactics include:

Malware and ransomware attacks:

Ransomware attacks are the dominant form of cyber-attack in the education sector and have recently forced many institutions to temporarily shut down.

This type of malware typically encrypts or locks data and then demands the victim pay a ransom to provide access to that data again. Groups such as LockBit and BlackCat usually extort institutions out of large sums of money, using the sensitive data they have stolen.

Even if the ransom is not paid, the attackers can still profit by selling the stolen data on the Dark Web. A third layer to this tactic is the distributed denial of service attack (DDoS), which disrupts institutions’ daily operations by restricting access to devices and network services.

Phishing and social engineering:

Phishing is one of the most common attack tactics, targeting individuals within organisations to get access to login credentials or sensitive information.

In the education sector, attackers will usually use fake university communications or offer enticing student job opportunities, which require the victim to perform certain tasks or provide sensitive information.

Most phishing emails to students or staff are sent to deliver malicious attachments, through which attackers can distribute malware across the institution’s systems.

Malicious Email Attachments:

In the education sector, the most common types of email attachments used for phishing and malware distribution are HTML files, executables, and PDFs.

Notably, HTML attachments make up 82% of malicious email attachments. These attachments are primarily used in two forms:

  • As fake login pages that trick people into entering their usernames and passwords, so that their login credentials can be stolen
  • As pages that automatically redirect to harmful websites when clicked.
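A mail-filtering or triage script can look for both forms in an HTML attachment before it reaches a student or staff inbox. The sketch below is an added example, not taken from the Trustwave SpiderLabs report: the finding names, the redirect pattern and the sample attachments are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Heuristic (assumption): script navigation that runs without user action
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=[^=]|location\.(?:replace|assign)\s*\(", re.I)

# Constructed samples, not real attachments
FAKE_LOGIN = '<form action="https://login.example.invalid/p"><input type="password" name="pw"></form>'
META_REDIRECT = '<meta http-equiv="refresh" content="0;url=https://redirect.example.invalid/">'
SCRIPT_REDIRECT = '<script>window.location.href = "https://redirect.example.invalid/";</script>'
BENIGN = "<h1>Timetable</h1><p>Term starts Monday.</p>"

class AttachmentScan(HTMLParser):
    """Collects the traits of the two attachment forms described above."""
    def __init__(self):
        super().__init__()
        self.form_actions = []     # action URL of every <form>
        self.has_password = False  # True once an <input type="password"> is seen
        self.redirects = []        # redirect mechanisms found
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        if tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password = True
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.redirects.append("meta-refresh")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Only script bodies are checked, so visible text mentioning "location" is ignored
        if self._in_script and JS_REDIRECT.search(data):
            self.redirects.append("script-redirect")

def classify_attachment(html):
    """Return findings for one HTML attachment body (empty list means nothing flagged)."""
    scan = AttachmentScan()
    scan.feed(html)
    # A password field is only suspicious here when the form posts to an absolute remote URL
    posts_remote = any(urlparse(u).scheme in ("http", "https") for u in scan.form_actions)
    findings = ["credential-form"] if scan.has_password and posts_remote else []
    return findings + (["auto-redirect"] if scan.redirects else [])
```

Findings from a check like this are a reason to quarantine or review the message, since obfuscated attachments can hide both traits from a static parse.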

Best practices for education cybersecurity

A preventative approach to cybersecurity is critical. Cyber attackers constantly evolve their tactics and have a growing number of AI-supported weapons in their arsenal. Educational organisations must meet this challenge head-on.

The first step is to conduct regular training and mock phishing test programs for students, faculty and staff, emphasising the recognition of phishing emails. Institutes should adopt a zero-trust approach, scrutinising all emails – especially those resembling university or HR communications.

Before engaging with any third-party vendors, comprehensive security assessments should be conducted. This involves assessing vendors’ cybersecurity policies, existing and tested incident response plans, and compliance with established guidelines set for cybersecurity in educational institutions.

Accompanying this should be periodic audits and reviews of the security practices of third-party vendors, which involve penetration testing to identify and remediate any security gaps.

Finally, system and software patching should be prioritised for any databases that store sensitive data. Sensitive data must be encrypted at all times. To keep this data secured, access should be limited to only what is necessary to complete a task. Additionally, access logs for these data sets should be checked regularly for any unusual activity.

As cyber threats continue to evolve, cybersecurity and implementing best practices must be top of mind for educational organisations. The value of threat intelligence must be considered in the education sector; partnering with qualified cybersecurity experts can therefore drastically help educational institutions stay informed of the latest tactics used by cyber criminals and ensure their defences are designed to counter emerging threats. By taking a proactive and vigilant approach, with guidance from cybersecurity professionals, schools and universities can help safeguard their students, staff, intellectual property, and operations from constantly evolving cyber threats.

By Kory Daniels, Chief Information Security Officer, Trustwave
