EDUCATION: The Threat Of Cyber Attacks Is On The Rise
Schools and educational institutions around the world are under threat of or even victim to disruption from cybercriminals with 100s of reports of attacks taking place over the course of 2019 alone.
How Does Cybercrime Affect Education?
According to a recent report, the education sector was the most affected of all business sectors in the U.S in 2018 and the first half of 2019. And what we see in the U.S typcially starts to emerge in the UK shortly afterwards so we need to be on our guard and understand the types of threats that are getting through. These range from nuisance adware to serious malware like trojans, backdoors and, of course, ransomware – a malicious file that encrypts system files and information on endpoints and servers. Schools hit by ransomware attacks are denied access to vital information until they pay a ransom in crypto currency (most often Bitcoin).
Apart from the direct financial damage caused by this kind of attack (payments have been reported to reach $100,000 to release systems and regain access), the inability to access computer systems paralyses any academic institution. The cost of the damage only accelerates the longer the school is unable to send emails, record working hours or allocate classrooms and study resources, including school computers and Internet access necessary for many learning activities.
Schools that refuse to pay can be incapacitated for extended periods of time until a ransom payment is approved – or until the necessary skills are found to unlock the systems. The now-infamous Emotet malware has also been striking schools, with attackers using spearphishing to infect systems with the malware trojan. As many services are now entirely computerised, this can even affect infrastructure like heating and cooling, cafeteria services and security systems. This is becoming a widespread problem which schools need to be aware of.
It’s not only schools that are being targeted either. Higher education institutions are also vulnerable to cyber attacks. Unlike schools, universities and academic institutes are also being targeted by more sophisticated attackers interested in stealing the intellectual property (IP) and research data produced there.
This is a worldwide crisis for the education sector; in Australia the head of the local intelligence agency was recruited to inform universities about cyber threats and ways of prevention. This was one of the initiatives put in place after an extremely sophisticated threat actor compromised ANU and persisted within the university’s network for months at a time.
In the UK in April of this year penetration testing conducted by JISC, the government agency that provides many computerised services to UK academic bodies, tested the defences of over 50 British universities. The results were unflattering: the pen testers scored 100% success rate, gaining access to every single system they tested. Defence systems were bypassed in as little as an hour in some cases, with the ethical hackers easily able to gain access to information such as research data, financial systems as well as staff and student personal information.
Why Are Schools & Colleges Targeted by Cyber Criminals?
It is no coincidence that schools are among the most attacked. Schools manage substantial sums of money, store personal information for students and teachers and connect with a large number of external bodies and providers and, of course, parents, who primarily communicate with the school via email. This means that the school has a very large attack surface.
Coupled with enticing rewards is the fact that students make for easy victims of phishing scams. Students’ lack of experience combined with a tendency to use simple passwords across multiple services makes them prone to credential harvesting and password-spraying attacks. In one incident this past September, over 3000 student emails in a US school were hacked in this way. In addition, the awareness of parents, teachers and faculty regarding cyber risks is often much lower in education than in other sectors.
Further exacerbating the security situation is that educational establishments typically have a limited number of staff dedicated to security. Unlike banks, schools typically do not have dedicated information security personnel who are engaged in 24/7 protection.
How Can Schools Defend Against Cybercrime?
In the absence of the kind of dedicated resources typically found in other sectors such as SOC teams and in-house red teamers or penetration testers, the defence systems installed in educational organisations carry a greater burden and must deal effectively with threats. A solution that can autonomously detect and respond to attacks can help mitigate the lack of human resources so that only in the event of a particularly severe attack is the intervention of professionals required.
In the case of ransomware, the source of the attack is most likely to be contained in an infected file sent via email. In such cases, the EDR protection system must identify the file as soon as it tries to install itself on the endpoint, disable it and delete it from this and all other endpoints across the organisation. This will prevent the attack at the infection phase and prevent the loss of services in the educational institution. Similarly, a solution that can rollback a device to a healthful state, including decrypting encrypted files, should be high on the institution’s security shopping list.
Perhaps Schools Are Also The Beginning of the Solution?
As we’ve seen, schools and academia are in the crosshairs of cyber criminals, and will continue to be so for the foreseeable future. But educational institutions can also offer some hope of future relief. Policy makers understand that cyber education should start at an early age, and that educating young people about cybersecurity could lead to them, one day, becoming cybersecurity professionals, so badly needed in the industry nowadays.
Offering classes in topics such as network concepts, security concepts, identifying threats and cryptography would serve a valuable purpose. Programs such as this in UK schools could eventually improve individual’s resilience and have an adverse effect on the explosion of cybercrime. It would also generate young adults who are proficient in cybersecurity and will naturally be inclined to join the industry.
In the US, educational authorities are also becoming increasingly aware of the need for greater funding to train educational staff in areas such as email security, USB device safety and phishing awareness. In Massachusetts, for example, $250,000 has been earmarked to provide cybersecurity awareness training to over 42,000 school employees in 94 municipalities.
It’s Possible To Automate Your Security…
The importance of protecting our education system from cyber-crime cannot be overstated. Not only do schools, colleges and universities provide vital services to our society and economy, they are rich treasure troves of sensitive data. From personal information like birth records, educational history, social security numbers and financial data to intellectual property and cutting-edge research, the data held by these organisations is among the most useful to cyber criminals and advanced threat actors. And yet, these storehouses of precious data are perhaps among the least well-defended and under-funded in terms of cybersecurity. As a result, it’s imperative that administrators and policy makers address these shortcomings as a matter of urgency.
If you’d like to see how SentinelOne can help secure your institution with an easy-to-use, automated security solution, please click here to watch our video, or contactus on the below details for more information or a personalised demo.