Cybercrime has grown tremendously in recent years, and the education sector is no exception. Of all the methods that bad actors use to target individuals and businesses, the threat spiking particularly high is ransomware: the attack by which cybercriminals take an organisation’s files hostage and refuse to release them until their payment demands are met.
In fact, in the first half of 2021, ransomware attacks skyrocketed 151% to 304.7 million, smashing 2020’s record-breaking total number of attacks (304.6 million) as cybercriminals ran riot. After the public sector, education has been the most affected area for cybercrime, with a 615% rise in attacks over the first six months of 2021.
Cybercriminals continue to find schools and university networks a lucrative target. In March 2021, Britain’s National Cyber Security Centre (NCSC) noted spikes in cyberattacks among educational institutions in the UK in August and September 2020, along with another wave of attacks as students prepared to return to class in February. So, what is driving this rapid rise in cybercrime, and how can education institutes defend against it?
Remote learning sparks cybercrime explosion
Remote learning has created a particularly problematic situation in education. Already under-resourced IT teams have been under great strain to ensure the smooth running of online courses. This surge in cyberattacks resulted from their inability to fully tackle cyber security while enabling studies, presenting an opportunity for criminals to exploit.
Universities were hard hit by the pandemic and had to transform their entire online and learning ecosystems practically overnight. The more digitalisation an institution undertakes, the more complex the system, leaving more room for human error and system vulnerabilities. To make matters worse, universities are an especially attractive target, not only due to the mass digitalisation, but also because they deal with extremely sensitive data, national interest research, and proprietary intelligence that are of high value to hackers.
Due to the continuation of remote learning , it’s critical for academic institutions to understand the implications of weak cybersecurity infrastructure and take steps to address this. In such a highly complex landscape, legacy approaches to cybersecurity will no longer suffice. If the education sector responds appropriately, a multi-layered approach to cybersecurity is essential.
Defense starts with awareness
The first layer of any cybersecurity approach is awareness, and schools and universities should prioritise giving employees and students a thorough education on modern cyber threats and safety procedures. Especially important is educating employees, staff and students about phishing and other cyber-attacks that exploit human behaviour. However, while educating employees on best practices is likely to limit the chances of suffering a social-engineering attack, without a truly layered approach, organisations will continue to be at risk.
Layers upon layers of security
With the overwhelming sophistication of today’s threats, a multi-faceted defence is essential. The more obstacles you place in front of an attacker, the better your chances of identifying and stopping an attack before the organisation is compromised.
While there are many different routes to achieving this kind of cybersecurity posture, some of the essentials include:
- Network security – Physical and virtual firewalls make up the backbone of any sound cybersecurity posture and help protect against large volumes of common attacks.
- Real-time sandboxing – To inspect suspicious files that firewalls don’t have a known signature to check against. This is essential to capture and block constantly evolving strains of malware.
- Zero-trust security – To prevent unauthorized users from accessing and moving through a university network and gives trusted users (e.g., teachers, students) only access to what they need.
- Strong authentication - Including two-factor authentication (2FA), and identity and access management (IAM), to verify users and devices. Even strong passwords alone are not enough.
- TLS/SSL inspection solutions - To conscientiously and responsibly decrypt, inspect and re-encrypt malicious files hiding within SSL and TLS traffic.
- Cloud application security - To discover, manage and defend the slew of SaaS apps that students and staff are now using.
- Mobile and remote access security – To permit long-term safe remote learning.
- Email security solutions - To protect against targeted phishing, email compromise, and other social engineering attacks which see the criminals impersonating legitimate personas.
Ultimately, every education institution is different, and there is no single approach for creating a sound, layered cybersecurity environment. While the above steps will help education organisations, each network will need its own specialised analysis to ensure its being protected from the most likely cyberattacks.
By Bill Conner, Sonicwall CEO