Cybercriminals go back to school too

This article was written by Amber Bennoui, senior technical product manager, Threat Stack.

As K-12 and college students prepare to enter another academic year this fall, cybersecurity leaders are issuing stern warnings to educational institutions, as cyberattacks pose an increasing risk. The start of the school year represents a ripe opportunity for cybercriminals to exploit faculty, administrators, and students while they settle into their new schedules and routines. To add more confusion, K-12 schools and higher educational institutions are still in the early stages of their digital transformations — undertaking efforts to scale infrastructure to support a growing need for remote learning, migrating to cloud infrastructure, and introducing new technologies and frameworks. IT leaders at schools and universities must proactively manage their digital transformations by balancing the cybersecurity and compliance needs of their modern IT infrastructure as user adoption grows. Ignore one, and the rest suffer.

Education’s transformation into a highly regulated industry

When thinking about highly regulated industries, K-12 and higher education do not initially come to mind. However, given the volume of sensitive information (i.e., student financial records and PII), we are seeing educational institutions forced to comply with frameworks outside of the US Department of Education’s Family Educational Rights and Privacy Act (FERPA). Education institutions’ cloud posture introduces new complexities and compliance requirements, including, but not limited to HIPAA, PCI DSS, SOC, GDPR, and state-mandated privacy requirements.

Just as compliance has become the standard for doing business in the private sector, it has also become inherently critical for publicly facing entities like hospitals and schools to keep patient and student personal data secure. Regulators have imposed a wide array of mandates and protections designed to uphold privacy and security standards around consumer information. Educational institutions must have visibility into how data flows into and out of their IT environment. Schools now must identify the local, global, and industry regulations that apply to their business and strategically implement the processes and technologies that keep them compliant.

Many certifications require a host of documentation, including a clear information security policy, a risk assessment process, security assessments for any third-party tooling, and evidence of information security monitoring and detection. It’s also critical that organizations stay current with changes to compliance frameworks.

Security tooling should map specific behaviors to multiple frameworks and, ideally, identify abnormal or anomalous behavior to proactively identify potential threats and save a lot of time and manual labor. Bonus points if you can produce reports to provide proof of compliance while responding to audit requests.

The good news is that many of these regulations overlap so that educational institutions can simultaneously complete requirements for multiple compliance frameworks. Compliance also has the ancillary benefit of improving security maturity, a critical facet of educational institutions’ operations given that Microsoft Security Intelligence found that 61% of nearly 7.7 million enterprise malware encounters reported in the past month came from those in the education sector.

Cybercriminals taking educational institutions to school

The education sector is heavily under fire by opportunistic cybercriminals. Security vendor PurpleSec found that education was ranked last in cybersecurity preparedness out of 17 major industries. That same report also identified close to 500 cybersecurity incidents involving education institutions in 2020 alone.

The reason for cybercriminals’ heightened interest in the sector is simple: educational IT leaders often do not have the appropriate resources or budget to protect against cyberattacks. Therefore, they are considered soft targets by bad actors. This scenario is even more critical as schools rush to scale existing tools and implement new remote education tools to enable hybrid learning due to the ongoing Covid-19 pandemic. With an IT environment in transition, it is difficult for educational institutions to enforce data ownership security protocols while building redundancies, making them susceptible to DDoS attacks, SQL injection, phishing, ransomware, and password attacks.

Recommendations for an A+ cybersecurity strategy

Educational IT leaders must prevent, accurately identify, and quickly respond to risk across cloud infrastructure and applications. Full-stack observability is crucial in preventing and defusing cyberattacks before they become large-scale breaches. Collecting this data is difficult in the cloud, often rendering traditional collection approaches ineffective. The aforementioned is why many businesses use tooling and scripts backed by machine learning to collect and analyze telemetry based on pre-set rules and conditions. This option is attractive to academic institutions because it enables IT leaders to fortify and maintain their security posture without adding significant administrative work to their plates. Proactive monitoring allows schools to limit the scope and reach of common attack vectors.

Educational institutions are undergoing a long-awaited technological revolution that will forever change their operations and introduce new efficiencies to the educational sector. However, despite all this change, it is essential for IT leaders not to lose sight of their compliance and cybersecurity responsibilities. Cybercriminals certainly are not.

The first step in any compliance or cybersecurity program is simple: you have to know where and how sensitive information is stored within infrastructure, monitor network configuration on the entire network, log user privileges and access, and determine if data follows proper handling procedures. These basic tenets serve as a solid foundation for IT leaders to advance their educational institutions’ digital transformations.

Amber Bennoui is a senior technical product manager at Threat Stack, a VC fellow at Vencapital, and former co-founder of an experimental open source, peer-to-peer teaching and learning platform, University of Reddit.