By Mitrankur (Mit) Majumdar, vice president, Americas, Infosys.
With an ever-expanding threat landscape and attackers targeting every industry and service, cybersecurity incidents are rising across the globe. In fact, the education sector accounts for almost 60% of all enterprise malware encounters.
A report from Privacy Rights Clearinghouse (PRC), a non-profit consumer education and advocacy organization, provides some indication of the extent of the problem. The PRC reports 788 data breaches have occurred in K-12 schools and institutions of higher education that led to 14,871,122 compromised records since 2005.
With the rise of technology use in schools, these figures are likely only to increase. Schools cannot ignore the need to plan for cyber threats in their emergency operations plans. The education sector is particularly vulnerable for two reasons. First, security controls in schools are usually far less stringent than in enterprises, despite the valuable data of students, teachers and parents that is at stake for attackers to access and misuse.
The number of K-12 and university students using online channels and mobile devices has been growing steadily in the last couple of years. Since the second quarter of 2020, though, the Covid-19 situation suddenly resulted in a massive spurt in online education. Schools and universities across the globe moved online, almost overnight.
This sudden shift to remote learning created a number of challenges: neither teachers nor students were aware of the avenues through which data could proliferate, and repeated encounters with malware significantly increased the attack surface. Raising cybersecurity awareness among the many actors in the education sector became paramount, and security controls had to be implemented to harden the infrastructure against attack. Security, whether network security, asset management, endpoint protection, data security or another area, remains a primary concern in the digital classroom.
Back to Classroom Concerns
With the rollout of the vaccine ramping up, conversations are beginning to percolate about what a return to the classroom will look like. While physical health and safety concerns are certainly the number one priority, enough thought must also be given to the digital side. We need to consider the implications of hundreds of pupils bringing laptops and other devices, possibly infected with malware, back onto their schools' networks. If schools are not properly prepared, the cybersecurity consequences could be drastic.
Important priorities that need to be considered include:
- Watch: security event monitoring; aggregation, analysis and orchestration; automated incident response
- Intel: strategic, operational and tactical intelligence; aggregation of threat intel feeds; threat landscape; brand reputation and IP leakage
- Hunt: proactive anomaly detection using AI and visualization; hypothesis- and technique-based hunting; powered by a home-grown data lake
- Scan: unified vulnerability management across applications and infrastructure; risk scoring to prioritize patching; vulnerability lifecycle management
- Gaze: metrics management; CISO dashboard and trend-chart tracking; identification of key concerns and improvement areas
Here is a recommended roadmap to address this:
Step 1: Identify
The foremost step in building a secure learning environment is to identify what is vulnerable and to understand the applicable data privacy mandates. This means creating a catalog of users, an inventory of hardware, systems and software, and a directory of processes, so that a detailed assessment of the current state can find the gaps, address them and move towards a standard cybersecurity reference architecture. A target cybersecurity architecture and roadmap should be created, and relevant school board policies for security governance and risk management reviewed and updated. Lastly, drive security awareness programs and training.
Step 2: Protect
Build a zero trust strategy that covers users, devices and the network: access control, authorization, multi-factor authentication and network micro-segmentation. Cybersecurity must be embedded in each step from envisioning courses to launching them, making the entire ecosystem secure by design.
Protecting data, endpoints and workloads, and patching on a regular cadence, are integral parts of this step. Including cybersecurity requirements and/or compliance checks in every new initiative must become mandatory.
Step 3: Detect
Detection is about monitoring for and identifying the signals that precede a threat. Institutions should monitor web and mobile usage and watch for data loss by monitoring endpoints, networks and email, especially for protected, confidential and personally identifiable information (PII).
A security information and event management (SIEM) solution that centralizes logs and raises alerts on unusual activity on the network or by staff is a good investment. Tools that track and analyze user behavior, and added visibility into cloud workloads, help catch incidents early, before they become disasters.
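To make the detection step concrete, here is an added example (not code from the article or from Infosys) showing the kind of rule a SIEM or a home-grown log pipeline would run over login and email logs: it flags a successful login that follows a burst of failures, an off-hours login, and an outbound email whose body contains protected data. The log format, the "S" plus seven digits student-ID pattern, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
"""Minimal detection logic over constructed school log lines.

Added example, not part of the original article. The pipe-separated log
format, the student-ID pattern and the thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not real data). Assumed format:
# timestamp|user|event|src_ip|detail
SAMPLE_LOGS = """\
2021-03-01T08:05:12|alice.teacher|login_ok|10.20.1.15|campus
2021-03-01T08:07:40|alice.teacher|email_sent|10.20.1.15|to=parent@example.org body=Report card attached
2021-03-01T23:45:01|bob.admin|login_fail|203.0.113.9|bad password
2021-03-01T23:45:20|bob.admin|login_fail|203.0.113.9|bad password
2021-03-01T23:45:37|bob.admin|login_fail|203.0.113.9|bad password
2021-03-01T23:45:50|bob.admin|login_fail|203.0.113.9|bad password
2021-03-01T23:46:05|bob.admin|login_fail|203.0.113.9|bad password
2021-03-01T23:46:30|bob.admin|login_ok|203.0.113.9|offsite
2021-03-01T23:48:02|bob.admin|email_sent|203.0.113.9|to=drop@example.net body=SSN 123-45-6789 student id S1234567
"""

# Patterns for protected data. The "S" + 7 digits student-ID format is an assumption.
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "student_id": re.compile(r"\bS\d{7}\b"),
}
FAIL_THRESHOLD = 5     # failed logins before a following success is flagged
OFF_HOURS = (22, 6)    # logins from 22:00 up to 06:00 count as unusual


def parse(line):
    """Split one pipe-separated log line into a dict."""
    ts, user, event, ip, detail = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "event": event, "ip": ip, "detail": detail}


def is_off_hours(ts):
    start, end = OFF_HOURS
    return ts.hour >= start or ts.hour < end


def detect(log_text):
    """Return a list of (rule, user, timestamp) alerts for the given log text."""
    alerts = []
    failures = defaultdict(int)  # user -> failed logins since last success
    for raw in log_text.splitlines():
        e = parse(raw)
        if e["event"] == "login_fail":
            failures[e["user"]] += 1
        elif e["event"] == "login_ok":
            # A success right after a burst of failures looks like a guessed password.
            if failures[e["user"]] >= FAIL_THRESHOLD:
                alerts.append(("success_after_bruteforce", e["user"], e["ts"]))
            if is_off_hours(e["ts"]):
                alerts.append(("off_hours_login", e["user"], e["ts"]))
            failures[e["user"]] = 0
        elif e["event"] == "email_sent":
            # Data-loss check: protected identifiers in an outbound message body.
            for name, pattern in PII_PATTERNS.items():
                if pattern.search(e["detail"]):
                    alerts.append((f"pii_in_email:{name}", e["user"], e["ts"]))
    return alerts


if __name__ == "__main__":
    for rule, user, ts in detect(SAMPLE_LOGS):
        print(f"{ts.isoformat()} {user} {rule}")
```

On the constructed input the teacher's normal morning activity produces no alerts, while the admin account raises four: a success after five failures, an off-hours login, and two protected-data matches in the outbound email. A production SIEM would add context such as source geography and device identity, but the three signals above are exactly the "unusual activity" and "data loss" checks the paragraph calls for.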
Step 4: Respond
While the aim is to prevent cybersecurity incidents, it is equally important to know how to respond when one occurs. The first step is to create a business continuity / disaster recovery plan. Cloud storage can serve as an additional backup, provided the backups are kept isolated from production credentials so that an attacker who compromises the network cannot destroy them as well. Institutions must build a process for communicating with parents, the community and the press, and for warning stakeholders whose information may be at risk.
Lastly, reporting the attack to the authorities, defining processes for investigation and response, and running simulation exercises are critical to understanding how to prevent such incidents from recurring.
Step 5: Recover
Once an incident has occurred and damage is done, the existing strategy must be analysed, and there must be a process to repair and restore the affected components. Keep stakeholders informed of recovery progress and work with cybersecurity vendors (for third-party tools) on any updates required to the tools and their implementation.
Even as the world returns to a 'new normal', we are likely to see a hybrid model that integrates both in-person and online learning. Taking a proactive approach to security and understanding the new vulnerabilities is key to building secure, resilient infrastructure for the education sector.