Combating cyber threats in the education sector

Reports of cybercrime have increased by 13%, according to the Australian Cyber Security Centre (ACSC).

The ACSC’s 2020–2021 Annual Cyber Threat Report, covering the period July 2020 to June 2021, says more than 67,500 cybercrimes were reported — which represents an increase of nearly 13% from the previous financial year.

The ACSC said this increase in volume of cybercrime reporting equates to one report of a cyber attack every eight minutes, compared to one every 10 minutes the year prior. The report also noted “a higher proportion of cyber security incidents was categorised by the ACSC as ‘substantial’ in impact” and “that this change is due in part to an increased reporting of attacks by cybercriminals on larger organisations and the observed impact of these attacks on the victims, including several cases of data theft and/or services rendered offline”.

Breaking the data down by industry, it is undeniable that the education sector is prone to attacks from malicious cybercriminals, due to the amount of personal data available across user devices and organisation networks. This sector accounted for 6.2% of the incidents accounted for in the ACSC report, ahead of financial and insurance services and retail trade (both 4%).

Of the 500 ransomware cybercrime reports received by the ACSC, which was a 15% jump from the year prior, the top five reporting sectors accounted for approximately 50% of all ransomware-related incidents, with the education and training sector reporting 7%.

In November last year, the PNORS Technology Group, used by the Department of Education and Training in Victoria, suffered a data breach, potentially exposing confidential information.

While cybersecurity is certainly a top concern in the education sector, tight budgets and resources mean it is often not addressed until a major incident occurs. Given the imminent nature of today’s threat landscape, now more than ever the urgency surrounding how best to protect and mitigate such attacks is at an all-time high. With 40% of education devices found to have sensitive data stored, educational institutions must be adequately prepared to proactively prevent and respond to potential attacks before a system breach occurs.

Understanding complex IT environments

Despite schools returning to the classrooms, the ramifications from rapid acceleration of remote learning brought about by the pandemic are still being felt today — some of which present new challenges across the industry. With limited resources, visibility and budget, IT and security teams have been forced to address obstacles remotely. On the IT front, this can make it difficult to locate, track, manage and more importantly, reclaim missing devices — regardless of platform — from a single, cloud-based console.

Emerging concerns over the inability to measure student device usage and verify online activity remains a persistent challenge. This, in tandem with failing security controls such as encryption, outdated anti-malware and vulnerable OS versions, has created a plethora of vulnerabilities and increased risks for cyber attacks.

Boosting endpoint visibility

Education organisations were found to have endpoints that were connecting in from nearly three locations per day (2.89). This may not be surprising given the digital nature of most schools; however, paired with the analysis on sensitive data, it’s evident that endpoints are at an increased risk of compromise.

Whether on or off a campus network, it’s crucial to activate a persistent connection to all endpoints to provide unrivalled visibility and control. When institutions integrate these capabilities, they are then able to effectively geolocate, freeze and wipe remote devices. From there, security teams can better plan, execute, collect, control and monitor all remote devices.

Maintaining complete endpoint security requires several elements to be in place.

• The endpoint software should be embedded in the firmware of all devices, where it can’t be removed.
• Upon its activation, users should instantly have self-healing digital connection to all their endpoints, regardless of whether they’re on or off an institution’s network.
• Ensure inventory is an automatic process, where information can be fed from all endpoints. This should always remain efficiently up to date, without the need for any additional infrastructure.
• Encryption and anti-malware monitoring should help to provide an even stronger barrier, restoring faulty safeguards remotely, without any human intervention needed.

Embracing resilient zero trust

Given the growing threat of cyber attacks underscoring organisations’ abilities to depend on conventional perimeter-based defences to protect critical systems, the zero trust approach has taken precedence. This approach provides access to applications and data is denied by default.

With the anticipation of further cybersecurity regulatory changes in 2023, it is likely educational institutions will implement their own zero trust requirements to ensure they remain resilient despite ongoing threats. Solid network resilience is crucial to build on a platform of strong user verification as this is the most strategic means of preventing a breach of IT systems.

More specifically, resilient zero trust functions as a means of verifying users on a case-by-case basis, to assess, identify and alert of any suspicious behaviour. When teams are notified of these threats in advance, they can freeze or shut down potentially compromised entities to stop threat actors in their tracks. When this action is taken, this prevents hackers from moving laterally across a network, where they could cause even further damage to confidential records.

Ensuring resilience for the long haul

In today’s era of hybrid education, devices may travel with students and faculty across campus or even across the globe. Despite the benefits of staying connected, this new way of learning has created imminent concerns for information security; however, institutions shouldn’t remain fearful. So long as effective measures are in place, including reliable endpoints and resilient zero trust, there is no threat too big that can’t be contained.

Image credit: iStock.com/Chor muang