According to a January 2018 article in CSO Magazine, the education sector accounted for 13% of all data security breaches during the first half of 2017, resulting in the compromise of some 32 million personal records. These statistics represent a 164% increase in data security breaches compared to the previous year. Cybercrime in the education sector does not get as much press as attacks that target the financial services industry or IT arena. In fact, the education industry is very attractive for cybercriminals due to its wealth of valuable student PII (personally identifiable information). Additionally, many educational institutions house information relating to cutting edge research, technology innovations and IP which is also valued by potential hackers.
Vulnerabilities and Challenges
The unique challenges faced by an education organization can impact its ability to adequately protect against cyber threats. The sheer amount of technology available in these institutions - from computer labs to BYOD devices and more - adds to the vulnerability of the sector. Limited budgets leave IT offices understaffed and the increasing use of e-learning tools and online teaching initiatives can create unintended vulnerabilities. Additionally, the systems used by universities and other education organizations must be accessible to a large population of students and teachers with varying degrees of technical knowledge. As a result, strict cybersecurity measures are often loosened up in favor of usability and functionality.
From traditional malware attempts to social engineering techniques and even more sophisticated cyber threats, bad actors continue to target the education sector because of the profitability of these hacks. Institutions of higher education have reported a number of cybersecurity incidents that have led to the disruption of daily operations, costly leakage of personal and financial details and the release of valuable research data. Some of these incidents included:
- The direct compromise of email systems.
- Exposure of sensitive patient information in school health care systems.
- Cyber attacks originating from foreign countries to specific entry points within the educational institutions.
- DDoS attacks that interrupted daily operations and operations during key times in the school year.
- Costly ransomware that resulted in ransom paid for the return of sensitive data.
Steps For Prevention
Raising awareness about cyber crime and installing security patches is a start, but it will not be sufficient to adequately secure an organization’s data. To prevent unwanted intrusions, education agencies are recommended to take a number of actions to secure their data. From an administrative standpoint, adequate training and security policies should be developed and implemented and penetration testing conducted to determine if security measures are working properly. It is critical that organizations have a thorough understanding of all potential network entry points, knowledge of where data is stored and kept, and a list of all persons with access to that data. Organizations are also advised to monitor networks closely and consistently.
GoSilent is an enterprise-grade firewall/VPN that safeguards education institutions by locking down access to their network and protecting valuable data. GoSilent’s state of the art technology creates a totally secure connection from the end user (student, teacher or administrator) to the enterprise server and forms an “IPSec tunnel” within the server’s framework. This means that sensitive data is fully protected and the organization suffers no interruption of daily operations. GoSilent’s technology can be deployed on-premise or from the cloud and shuts down threats before they begin. Learn more about Attila Security’s products and services.