By Mitrankur (Mit) Majumdar, vice president, Americas, Infosys.
With the ever-increasing threat landscape and hackers targeting all industries and services, cybersecurity incidents are on the rise across the globe. In fact, education sector accounts for almost 60% of the total enterprise malware attacks encountered.
A report from Privacy Rights Clearinghouse (PRC), a non-profit consumer education and advocacy organization, provides some indication of the extent of the problem. The PRC reports 788 data breaches have occurred in K-12 schools and institutions of higher education that led to 14,871,122 compromised records since 2005.
With the rise of technology use in schools, these figures are likely to only increase. Schools cannot ignore the need to plan for cyber threats in their emergency operations plans. The education sector is quite vulnerable to attack for a couple of reasons. One, security controls in the education sector are usually not as stringent as enterprises. This is despite the fact that there is valuable data of students, teachers and parents at stake, for attackers to access and misuse.
The number of K-12 and university students using online channels and mobile devices has been growing steadily in the last couple of years. Since the second quarter of 2020, though, the Covid-19 situation suddenly resulted in a massive spurt in online education. Schools and universities across the globe moved online, almost overnight.
This sudden shift to remote learning led to a number of challenges, given that neither teachers nor students are aware of possible data proliferation avenues and continuous encounters with malware resulting in significantly increased vulnerabilities. Raising cybersecurity awareness among the many actors of education sector became paramount. Security controls also needed to be implemented to strengthen the infrastructure against attacks. Security – be it network security, asset management, endpoint protection, data security or others – is still a primary concern in a digital classroom.
Back to Classroom Concerns
With the rollout of the vaccine ramping up, conversations are beginning to percolate about what a return to the classroom will look like. While, physical health and safety concerns are certainly a number one priority, there needs to be enough thought given to the digital aspect as well. We need to consider the implications of hundreds of pupils bringing their laptops and other devices that may be infected with malware, viruses, and the like, back to their schools’ networks. If schools are not prepped properly, there could be some drastic cybersecurity implications.
Important priorities that need to be considered include:
- Watch – Security event monitoring, Aggregation, Analysis and Orchestration, Automated Incident Response
- Intel – Strategic, Operational and Tactical intelligence, Aggregation of Threat Intel Feeds, Threat Landscape, Brand Reputation and IP Leakage
- Hunt – Proactively Detecting Anomalies using AI & Visualization, Hypothesis and Techniques based Hunting, Powered by a home-grown Data Lake
- Scan – Unified Vulnerability across Applications and Infrastructure, Risk scoring to prioritize Patching, Vulnerability Life Cycle Management
- Gaze – Metrics Management, CISO Dashboard & Tracking by trend charts, Identifying key concerns and improvement areas
Here is a recommended roadmap to address this: