According to the 2018 Education Cybersecurity Report, institutions struggle with application security, endpoint security, and patching cadence. Multiple types of bad actors can target these vulnerabilities at schools. They could be someone seeking profit from the sale or use of stolen personal data, young people involved in some sort of a prank, or possibly even foreign governments looking to exploit research-related data.
When schools don’t have strong technology teams, they are left vulnerable to attacks. Nearly two-thirds of school districts in the United States serve fewer than 2,500 students, and many do not have a dedicated staff member solely managing cybersecurity, according to Keith R. Krueger, the chief executive of the Consortium for School Networking, a group that represents technology employees at primary and secondary schools.
As schools continue to transition to a more tech-based approach to teaching and learning, it’s important they understand the downfalls that come along with not having a proper cybersecurity strategy in place.
How institutions can prevent cyberattacks
Rather than continuing with the mindset of “if an attack happens,” schools must shift to the thought of “when an attack happens.” Because, unfortunately, it can happen at any moment, to anyone. As a result, well-designed security architectures must be in place to prevent as many attacks as possible, and monitoring and analysis tools need to be used to quickly identify and remediate attacks that have been successfully launched against the institution.
To help combat potential threats that can penetrate IT infrastructures, schools should consider an emerging security concept called Zero Trust Security. Put simply, the objective of Zero Trust is to strengthen an organization’s data security by limiting the risk from excessive user privileges and access, using a series of controls to ensure threats cannot enter and move laterally within an enterprise’s infrastructure. As a result, granular access policy enforcement based on user context, data sensitivity, application security, and the device posture, becomes a critical component of any educational institution’s Zero Trust architecture.
Zero Trust can be applied to your network, cloud applications, endpoints, and data, but can it be applied to use of the web and email for students, faculty and staff at schools? This is a critical question, because web-based malware and malicious URLs embedded in emails are the primary threat vector schools face. The good news is that a technology known as web isolation can be used to enable Zero Trust Browsing on tablets, laptops, and mobile devices.
Regardless of device, with web isolation, each browsing session is rendered within a unique, isolated container in the cloud away from the endpoint. An interactive media stream representing the website is sent to the device’s browser, providing a safe, seamless, fully interactive user experience. Whether students/educators browse to a malicious site on their own or reach one by clicking a URL embedded in a phishing email, they’re completely safe since no web content is ever executed directly on the device. For additional phishing protection, sites can be rendered in read-only mode, preventing users from entering credentials. All attachments can be sanitized before being downloaded, ensuring malware cannot infect endpoints.
These strategies can help institutions combat cyberattacks
Together with isolation, schools should prioritize deploying strong identity and access management capabilities and micro-segmentation of network and IT resources. These tools will allow IT teams to enforce granular access control, so students and faculty can access only the specific resources they require in order to accomplish their tasks. Coupling these with isolation, which is designed to protect schools from cybercriminals targeting them from the web, can put an organization on a solid path to Zero Trust.
The future of educational technology
Every day, attackers and their methods of attacks become more sophisticated. As teachers, students, and researchers continue to use and implement technology into their classrooms and learning environments, it’s essential that their defense methods become more sophisticated, too.
Even if budgets are tight, which could very well be the case, being educated on the types of attacks, where they can come from, and how to prevent them with some specific areas of security investment is worth its weight in gold.