By Bob Turner, field CISO for education, Fortinet.
Education technology leaders are continuing to fight the cybersecurity battles. Microsoft reports that education accounted for over 80% of enterprise malware encounters since late February 2022. Sophos ranks education No. 3 in ransomware, with close to 500 attacks occurring in 2021.
While many universities are joining consortiums that provide security operations services, those institutions that have an active Security Operations Center (SOC), are reporting benefits including quick and effective response, decreased costs of breaches and operations, active threat prevention, improved communication and coordination, and availability of security expertise when they need it.
While there is forward motion aimed at providing safe and secure internet experiences for students and faculty, more can be done. With the cost of cybersecurity tools and talent, many programs are “best effort” and usually performed by IT staff who are not full-time security professionals.
Forward-leaning colleges and universities may have managed security services or have invested in a small team of security-focused staff. Others join with partner institutions or state level security operation centers and receive early warning information, allowing them to focus efforts when threats are reported. The rest are still struggling to rationalize the cost for any dedicated security operation.
Data breaches, ransomware attacks and other cyber incidents carry the potential for significant financial damage, among other problems, so colleges and universities have been investing for over a decade in improved talent, cutting edge cybersecurity tools, and continual testing of security controls. They’re also grappling with the need to protect research information and research budgets while also meeting increased compliance requirements that come with sponsored research.
Federal guidelines for protection of sensitive research and administrative data such as the National Institute for Standards and Technology 800-171, the Capability Maturity Model Certification (CMMC), and healthcare information protection laws are major motivators for improved cybersecurity given that personal and regulated data gathered under research projects must be protected.
As if the education system hasn’t already dealt with enough difficult change in the past two years as a result of COVID-19, the shift to remote/hybrid school also laid bare the cybersecurity gaps faced by many districts. Bad actors took advantage of already vulnerable systems and struck hard.
Ransomware attacks have been relentless. There were a record-setting 408 publicly disclosed cybersecurity incidents in 2020 in the K-12 sector, across 40 states, according to the State of K-12 Cybersecurity: 2020 Year in Review. Numbers for 2021 are still being finalized, but given what we’ve seen in terms of ransomware and cyber incidents overall, we expect them to be even higher.
Steps are being taken at the federal level; Joe Biden signed into law late last year the K-12 Cybersecurity Act to provide schools with more resources. But as we move further into 2022, ransomware attacks are still being perpetuated against schools even as districts try to bolster defenses. It can be hard to know where to focus first, so let’s examine some of the key things security IT teams should consider this year.
Uncertainty creates opportunities for bad actors
This year will experience the heightened cybersecurity threat level that the last two years saw. The year is still young, but we’ve seen schools across the country revert back to virtual learning as a result of the Omicron variant. Those types of shifts can too often open up potential opportunities for bad actors to strike, as cybercriminals operate on a “kick ‘em while they’re down” mindset. And we’ll continue to see malicious actors evolve their methods as needed to bypass or fool current cybersecurity efforts and continue their successful attack campaigns.
Circumstances make it clear that the focus for districts and schools must now become transitioning the short-term actions they initially took – both to facilitate virtual learning and combat cyber risk – into longer-term and more strategic cybersecurity approaches.
The disruptions to our society due to the coronavirus pandemic include significant impacts to education. Universities and colleges around the world have had to adjust to the reality of remote learning, at least for the foreseeable future.
The nation’s largest four-year college system, California State University, announced in May that instruction will primarily be conducted online this fall, and many other institutions are following suit. It’s now estimated that 70% of students are currently engaged in some form of online education.
This shift to digital learning has introduced a steep learning curve that many institutions that were unprepared for. Schools are working quickly to not only build the curriculum and content necessary to support online courses, but to also build the distance learning infrastructure needed by faculty and students to ensure simple and seamless remote access to this content. The challenges are, how to do this at scale, and how to do it securely.
The need to provide distance learning, and to do it quickly, has introduced new risks for educational institutions while creating potential opportunities for cyber adversaries. Schools have long been a target for cybercriminals. According to the 2019 Verizon Data Breach Report, education continues to be plagued by human errors, social engineering and denial of service attacks.
The changes brought about by the pandemic only compound those existing challenges. Based on recent information released in the latest Global Threat Landscape Report from FortiGuard Labs covering the first half of 2020, education comes in third, only after telecommunications providers and managed security service providers (MSSPs), in the percentage of institutions detecting ransomware.
Making Distance Learning Secure
Cyber adversaries have refocused their criminal efforts to take advantage of the new remote work and education environment resulting from the COVID-19 pandemic. They’re targeting the vulnerable devices and home networks of remote users looking to use those systems to open a back door into the core network.
This is evidenced by the significant increase in attacks targeting such things as consumer-grade routers, personal IoT devices, and components such as DVRs connected to home networks detected during the first half of 2020. Threat researchers are also seeing a spike in older attacks designed to exploit vulnerabilities in the often unpatched devices on home networks.
In fact, 65% of detected threats were from 2018, and a quarter of all detected attacks targeted vulnerabilities from 2004.
Naturally, the ability to securely support a remote learning policy is an essential component of any continuity and disaster recovery plan. However, to ensure that networked resources of colleges and universities, as well as those of remote faculty and students, are protected, these new realities need to be taken into account.