From classroom to cybersecurity: protecting the education sector from digital threats

Education institutions increasingly rely on digital platforms, from smart classrooms and online learning to campus operations. Students often connect their personal mobile phones and laptops to campus networks thus potentially increasing the cybersecurity risk.

Whilst digital platforms improve the educational experience for students, it also opens the door to cyberattacks. Recent statistics indicate that nearly half of further and higher education institutions have fallen victim to some form of cybercrime in the past year.

A case in point is Debenham High School in Suffolk, which recently faced an attack that took its entire computer network offline.

Given the growing prevalence of such incidents, it’s crucial to delve deeper into the issue. We’ve invited Martin Mackay from Versa Networks to discuss the landscape of cybercrime in the education sector, its impacts, and what can be done to safeguard colleges and further education institutes.

Why is the education sector particularly vulnerable to cyberattacks?

The education sector can be a prime target for. Campuses usually have a large number of people (students; faculty; temporary staff) accessing their systems and networks or connecting devices with relatively limited controls imposed. This is a recipe for disaster when it comes to cybersecurity.

Security teams struggle to keep track of the devices – both school issued and BYOD – connecting to campus networks and thus they lose visibility – ultimately creating gaps for cybercriminals to exploit. There is also no easy way to enforce security standards across the diverse devices connecting to the network. The education sector is therefore open to risks ranging from data theft to the exploitation of out-of-date or vulnerable software, all of which put universities’ networks at risk.

Furthermore, lecturers and students may not be aware or fully understand the risks, to detect and avoid phishing attempts or other types of social engineering – providing another path for cybercriminals to gain access to networks.

It’s not just limited resources which makes the education sector a popular target to cybercriminals but the exceptional amount of Personal Identifiable Information (PII). This includes student and faculty records, as well as financial information. This information can be sold on the dark web for a quick profit or used to commit other crimes such as fraud or identity theft.

What are the consequences of cyberattacks on the education sector?

Cyberattacks on educational institutions can have far-reaching consequences and can have a lasting impact on the establishment. Ultimately, the highest price is being paid by students.

Primarily cybercriminals look to disrupt access to systems; systems that would otherwise allow lecturers to deliver slides, students to submit vital assignments, or access supporting resources. Ransomware attacks against the education sector have been known to lock teachers out of online resources, forcing classes, and even entire campuses, to temporarily close. For instance, the University of Portsmouth reported experiencing a cybersecurity issue that impacted a portion of its IT infrastructure. Due to the incident, the campus was closed for majority of the students for over a week.

Whilst immediate disruption is a huge concern, these institutes also suffer from reputational loss and significant media attention. The education of students has already been greatly impacted by the pandemic and hence further closures due to cyberattack cannot be afforded.

As mentioned above, the education sector holds an immense amount of PII and this can be incredibly damaging if breached. For instance, an attack on the University of Manchester had repercussions on an NHS patient database, with 1.1 million individuals’ information being exposed. With the sector being so vulnerable to attacks and the consequences being disastrous, the need to secure education networks is more important than ever before.

If the institution is a victim of a cyberattack involving ransomware, there is then the incredibly difficult dilemma as to what to do about it – accede to the criminals demands or potentially suffer major continued disruption.

What advanced security measures should further education establishments implement?

Further education institutes must ensure that their staff members follow basic security measures to protect the institution. Basic cyber hygiene has proven to be extremely effective in protecting the education sector against cyberattacks. Simple measures such as multi-factor authentication (MFA), enhances security by necessitating multiple verification forms.

The human element is equally important. Educating staff and students about cybersecurity threats is vital for an organisation’s safety. Cyber awareness training equips individuals to understand potential risks, their impact on the institution, and the preventive measures to secure their digital environment.

Alongside, further education institutes must integrate Unified Secure Access Service Edge (SASE). Unified SASE marries together network security and Wide Area Network (WAN) functionalities into a single cloud-native service, helping educational institutes build a robust security posture.

How can secure Unified SASE help educational institutes?

Managing cybersecurity within the education sector poses unique challenges due to the expansive nature of the technological infrastructure. However, Unified SASE offers a streamlined approach to secure all types of remote access, from staff computers to student mobile devices.

One of the most effective features of Unified SASE is micro-segmentation. This breaks down the network into smaller, secure parts. When an educational institute has multiple devices—used by both students and staff—connected to its network, micro-segmentation becomes crucial. It acts as a safeguard, ensuring that if one device is compromised, the threat is contained within a specific segment of the network. This minimises disruption and keeps educational tools functional.

Cybercriminals are not just attacking laptops or end-users but are going after the so-called IoT (internet of things) meaning that any device attached to the network (e.g. a printer) is a potential source of vulnerability. That vulnerability is exacerbated by the fact that these devices are not smart and therefore cannot be easily secured. You have to have a consistent policy to identify the device and be able to isolate it on the network to its core function – this is what micro-segmentation essentially does.

Additionally, Unified SASE contains robust security measures such as advanced threat protection and intrusion prevention, allowing security teams to identify and neutralise threats before they inflict damage. This secures universities’ data and systems without slowing down connectivity, therefore not negatively impacting on teachers accessing online resources or the teaching of remote classes.

Unified SASE also addresses the key other issue for the education sector which is keeping costs down. By consolidating various security services into a single platform, education institutions can optimise their security operations and decrease the expenses of managing multiple security solutions – lowering the Total Cost of Ownership (TCO). It can also support security teams that are over-stretched, by allowing them to focus on more critical tasks.  

By prioritising cybersecurity measures and investing in the necessary resources such as Unified SASE, the education sector can reduce the risk of falling victim to a cyberattack and ensure a safe and secure learning environment for their students.

By Martin Mackay, CRO at Versa Networks