How can the education sector protect itself against the top three cybersecurity challenges in 2022? – FE News

The recent pandemic has brought significant changes to day-to-day working life and the way individuals go about their lives in general. The rise of hybrid working and working from home (WFH), in particular, has brought many challenges for security administrators.

Likewise, the growth of distance learning has increased the risks in educational networks. Schools, universities, and research centers are attractive targets for cybercriminals because they often lack resources from a security perspective. In fact, recent data shows a 93% increase in cyberattacks targeting the education sector in the UK.

We have seen an upsurge in attacks since educational institutions were forced to configure their systems remotely due to the pandemic. With valuable data often stored on student laptops/desktops and institutional servers, the challenges of monitoring personal device access – and backing up that data – has led to complications for departments. computers.

Unfortunately, this is a trend that will only continue, especially with the entry into force of new hybrid work platforms. With cybercriminals looking to take advantage of these vulnerabilities, educational institutions will need to improve their security posture to defend against this larger attack surface in 2022.

Scams to watch out for

One of the biggest threats facing the education sector is Business Email Compromise (BEC) scams.. These attacks involve scamming unsuspecting users for money when a malicious actor sends carefully targeted spear-phishing emails from what appears to be someone they trust. According to research in the United States, from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange, schools and colleges are more than twice as likely to be affected by a BEC scam as companies outside the education sector.

Likewise, ransomware, as well as BEC attacks, remain a threat to educational institutions. Schools are particularly vulnerable to ransomware due to security vulnerabilities and because attackers can target particularly sensitive times for educational institutions, such as during exams or registration periods.

The NCSC and other security groups continue to issue alerts about the recent wave of ransomware attacks in the industry, which unfortunately echo similar warnings from the past – the cost of ransom is high. The average ransom demanded is over £120,000 ($170,000). According to our research, the real price of ransomware is much higher. This figure does not include damage to operations, reputation, insurance or the cost of defensive measures.

For hackers, schools are valuable because of the data they can provide beyond student grades, including confidential student and staff information, staff and organization bank account details, and other personally identifiable information – making educational institutions the third most common target for hackers behind healthcare and financial services. Personal data is easily exchanged and visible on dark web marketplaces. Therefore, data loss due to theft is a common phenomenon in schools and in many cases it unfortunately goes undetected until it is too late.

The Challenges of Protecting Education from Cybercriminals

Since so much of the learning takes place online, severe attacks can interrupt the learning process for students. In March 2021, many schools in Nottinghamshire district had to shut down their IT infrastructures due to a sophisticated cyberattack.

This further emphasizes that it It is not uncommon for school administrators or teachers to make technology purchases without the consent or even knowledge of the school’s technology department. In these cases, equipment and software are purchased without consideration of potential cybersecurity risks. A single college or school campus can contain many different sub-organizations, such as offices or departments, which can increase a school’s vulnerability to attack.

Attackers frequently target an organization’s networks through remote access systems, such as Remote Desktop Protocol (RDP) and Virtual Private Networks (VPN). The use of insecure RDP has grown exponentially as more administrators work remotely.

Cybersecurity Tips for Institutions to Stay Secure in the Year Ahead

BEC scams often attack schools and colleges by raping or posing as senior executives. Therefore, it is crucial to train staff to defend against phishing attacks and the compromise of work emails. Any process for releasing funds or sensitive data must have several safeguards in place.

IT administrators and service providers are responsible for providing sound procedures, training, monitoring and compliance. In the most challenging BYOD (bring your own device) environments, the first step should be to monitor and observe work practices before security guidelines are set, including asking questions such as:

  • Which video communication tool to use for distance education?
  • Which file extensions should be allowed?
  • Can files only be sent via email (which probably has file scanning) or a mobile chat app?

It is important to implement a cyber resilience strategy that prescribes multi-layered defenses. This should offer strong layered protection with AV, firewall, email filtering, intrusion detection, and DNS protection, as well as mandating two-factor authentication (2FA) where possible.

One of the most important strategies is to maintain multiple backups of critical institutional data. Cyber ​​criminals cannot be trusted to restore access to data even after ransom payment, so take care of this crucial requirement for recovery. The day a breach occurs is not the time to find out if your disaster recovery plan was well designed. Instead, simulate a worst-case scenario in advance and see if any gaps appear. Closing these gaps as soon as possible is a concrete step that educational institutions can take to protect themselves and their users.

Raising awareness and understanding threat exposure can help address many cybersecurity challenges – investing in security training for everyone is important. Emerging cybersecurity technologies, mitigation tools and strategies can help limit the trend of ransomware and BEC attacks exploding in educational institutions and strengthen cybersecurity throughout the coming year .

Matt Aldridge, Senior Solutions Consultant, Carbonite + web root

Recommend0 recommendationsPosted in Exclusive to FE News, Education, EdTech

Comments are closed.