By Renee Tarun, deputy CISO, Fortinet.
The disruptions to our society due to the coronavirus pandemic include significant impacts to education. Universities and colleges around the world have had to adjust to the reality of remote learning, at least for the foreseeable future.
The nation’s largest four-year college system, California State University, announced in May that instruction will primarily be conducted online this fall, and many other institutions are following suit. It’s now estimated that 70% of students are currently engaged in some form of online education.
This shift to digital learning has introduced a steep learning curve that many institutions that were unprepared for. Schools are working quickly to not only build the curriculum and content necessary to support online courses, but to also build the distance learning infrastructure needed by faculty and students to ensure simple and seamless remote access to this content. The challenges are, how to do this at scale, and how to do it securely.
The need to provide distance learning, and to do it quickly, has introduced new risks for educational institutions while creating potential opportunities for cyber adversaries. Schools have long been a target for cybercriminals. According to the 2019 Verizon Data Breach Report, education continues to be plagued by human errors, social engineering and denial of service attacks.
The changes brought about by the pandemic only compound those existing challenges. Based on recent information released in the latest Global Threat Landscape Report from FortiGuard Labs covering the first half of 2020, education comes in third, only after telecommunications providers and managed security service providers (MSSPs), in the percentage of institutions detecting ransomware.
Making Distance Learning Secure
Cyber adversaries have refocused their criminal efforts to take advantage of the new remote work and education environment resulting from the COVID-19 pandemic. They’re targeting the vulnerable devices and home networks of remote users looking to use those systems to open a back door into the core network.
This is evidenced by the significant increase in attacks targeting such things as consumer-grade routers, personal IoT devices, and components such as DVRs connected to home networks detected during the first half of 2020. Threat researchers are also seeing a spike in older attacks designed to exploit vulnerabilities in the often unpatched devices on home networks.
In fact, 65% of detected threats were from 2018, and a quarter of all detected attacks targeted vulnerabilities from 2004.
Naturally, the ability to securely support a remote learning policy is an essential component of any continuity and disaster recovery plan. However, to ensure that networked resources of colleges and universities, as well as those of remote faculty and students, are protected, these new realities need to be taken into account.