Educational institutions are a massive storehouse of information. Starting from student's test results and research papers to personal records and staff payroll details, schools store a lot of data that necessitates adequate security. Protecting a financial organization from malicious threats is a typical scenario, but the need for cybersecurity in education has gained additional momentum in the 'double-whammy' of increased digitalization of classrooms and the targeting of schools and colleges by hackers in recent ransomware campaigns. More than thousands of educational institutions have already been a victim of cyberattacks, with the most devastating ransomware attacks costing schools hundreds of thousands of dollars, where the alternative is being forced to close.
With the prevalence in remote learning, Cybersecurity has become more critical now than ever before with educational hubs at high risk of being attacked and their data misused. The day is not far away when cybersecurity in the education sector will be an important criterion amidst funding, regulation, and other approval processes. With hackers' objectives varying from altering students' grades, stealing breakthrough research, to seizing the personal data of students and administrators, there are many possible reasons to interest cyber hackers to focus their surveillance and effort towards educational institutions.
As schools and universities increase their reliance on remote connection and access for teachers and students alike, they are also inadvertently expanding their threat surface by providing attackers with many more touch points which attackers can manipulate to gain access. We expect that both K-12 and universities, will be specifically targeted by cybercriminals in the coming weeks, who won’t necessarily have advanced their techniques, but will have uncovered the most accessible points from which they can gain penetration.
The main point of focus for ransomware is to target a network, replicate itself, and cripple the organization. Remote learning provides the perfect opportunity for threat actors to install Trojans and malware on machines being used by students and teachers that are not owned, or protected, by the school. This malware can then be transferred into the school’s network, as users will be granted access to resources normally only accessible from inside the network. And since threat actors have lots of time to wreak their damage (the average time from infection to detection is 111 days), schools may not know they've been infected until it's too late.
What are the major threats to an educational institution?
As part of preparing your initial Information Security Risk Assessment, we've compiled a list of some of the most significant threats that tend to target the educational sector:
- Malware
Ransomware, spyware, worms, back-doors, droppers and coino miners are all various types of malware that have been known to pose a threat to educational institutions. All mobile devices connected to the system need to be secured with next-gen anti-virus software to protect from threats. However, ransomware in particular should be of significant concern to IT school staff. The FBI recently released a public service announcement raising awareness on the increased proliferation of ransomware gangs that steal data from infected networks and then threaten to publish that sensitive data if the school refuses to pay the ransom. This added risk “may create an elevated urgency for schools to pay ransoms” and thereby perpetuate the practice. For this reason, the FBI advised schools to pay particular attention to attacks involving Ryuk ransomware which exploits RDP endpoints to gain an initial point of entry.
Unlike what most people think, when ransomware hits, decrypting the ransomware with a special key won’t necessarily help you return to a clean state or be enough to stop the impact of having been attacked – because the machine is still infected. This means that any new files, files restored from a backup, or decrypted files are still vulnerable to the ransomware logic that is still lying dormant within the system. Paying the ransom doesn’t put you out of harm’s way either as there is still every risk of getting encrypted again.
- Phishing
In an educational institution, phishing emails pose a severe threat as they work on human susceptibility to error and fear. Often providing a false pretext, such as as a fabricated payslip email notice or a request to fill out a leave form, cyber attackers make email accounts look authentic, effectively trapping students and employees to providing sensitive information or inadvertently giving access to data.
What sort of damage can be inflicted by a successful attack?
In the worst situation, where their entire systems have been brought down, a school could be forced to close its doors. However, the level of damage that is inflicted is likely to be in line with the attacker’s objectives, typically attackers have two main objectives when targeting schools:
The first is to gain access to the student information system, where the attacker’s goal is likely to be to acquire student data and perhaps change grades. Most students do not have established credit ratings, which makes their personal information especially valuable. The second target is the school’s network. By encrypting the entire network, schools can become completely non-functional. With so many resources being focused on providing a worthy educational experience for students at home, malicious content could slip through the cracks - it's this lack of focus and staffing that the threat actors are going to maximize.
In a ransomware attack, the damage is likely to be the high ransoms that schools will be coerced to pay. Attackers appear to be aware of the greater vulnerability that schools are in, where their educational resources are stretched to cover their greater security needs, and they aren’t hesitating to manipulate the situation to coerce schools to pay high ransom amounts to resume normalcy.
What aren't schools doing that they should be doing to protect themselves?
First, backups of key systems need to be made that are immutable when they are created (to include de-duping and compression), then written in an encrypted format off-site.
Secondly, cannot emphasize enough the importance of building awareness of students, teachers, and really, any and all users. The weakest link in any organizational security structure are almost always users.
Patch cycles must also be quicker and focus on systems with distributed access.
Having adequate endpoint protection systems in place is crucial. Unlike the corporate environment that may have heaps of money to spend on products and a large SOC team, schools should be focused on having solutions that prevent the widest possible range of attacks. There simply isn’t the time or resources available to investigate every incident that occurs, and endpoint protection really needs to be geared towards preventing those attacks from the outset.
Approach to ensure cybersecurity in educational institutions
After studying the potential threats, you must be wondering how to implement the best protection from such cyberattacks? Our cybersecurity product provides the best endpoint protection in the industry, our multi-layered approach to security proves to be the best solution to preventing malicious threats, whether they be known traditional malware, or never seen before zero-day threats. The superior protection is enabled by its end-to-end encrypted Deep Learning framework that works to detect threats from an endless number of file types and with greater levels of accuracy, reducing the number of false-positives typically experienced with other products.
Security experts do not have it easy. At Deep Instinct we take our hats off to these unsung heroes that are defending the educational frontiers against cybercrime. Since 2016 over 1,000 school districts, colleges, and universities have fallen victim to successful cyberattacks, and that number is on the rise. With such a diverse user base with varying levels of cybersecurity awareness, educational IT and security teams need solutions that prevent attacks with little to no human expertise required. Our aim at Deep Instinct is to armor and support education IT security staff with the best technology out there.
Our solution is designed to reduce their workload and automate as many tasks as possible, allowing educational security experts to focus on strategic measures rather than constantly running after crises. By delivering high detection rates and minimal false positives, the alert fatigue of security staff is greatly minimized, as is their work stress.
In this testimonial video Matthew Fredrickson, the Director of IT for Council Rock School Districts explains what a huge difference Deep Instinct’s solution has made for managing day-to-day security tasks for him and his team.
“The primary reason that I selected Deep Instinct is, 1, in my mind having Deep Instinct on every single endpoint is like having a cybersecurity analyst sitting there looking over the shoulder of the end user all the time. And the other reason, there is no other product out there on the market that does what it does, the way that it does it, and to the degree that it does it well.” – Matthew Frederickson, Director IT of Council Rock School District
The Council Rock School District is located in Newtown, Pennsylvania, and is comprised of 15 Kinder to year 12 schools which comprise around 13,000 end users. Deep Instinct has been deployed into the production environment for Windows OS and servers. Matthew advises that the deployment of Deep Instinct compared to other products he has used was remarkably quick and easy. The environment currently has about 3k+ agents deployed, all of which are functioning in prevention mode.
To see the Deep Instinct agent in action you can request a demo, and start your school’s long-awaited journey to become one of the Learned Few.
At Deep Instinct, we prevent what others can’t find.