Educational institutions have become regular targets for cybercriminals. In fact, the education sector accounted for 13 percent of data breaches in the first half of 2017, resulting in the compromise of around 32 million records.
One of the top reasons that schools are targeted is the diverse data they store on students and staff, including personally identifiable information (PII), healthcare information, and financial information. These records can then be sold on the dark web to be used for purposes of identity theft and fraud.
As educational institutions are being targeted more frequently by cybercriminals, they are also contending with demands for increased digital capabilities from students and faculty. This has led to a growing number of devices and applications connecting to the network per person, thereby increasing the attack surface. Seventy-two percent of students connect two or more devices to campus networks at the same time, meaning schools have to balance defending against an influx of endpoints that they do not own with giving students and staff a seamless IT experience.
As education IT teams seek to strike this balance, here are the top three challenges they are facing.
1. Frequency of Cyberattacks
Among the biggest cyber challenges facing the education sector is an increased number of cyberattacks that aim to steal personal information, extort data for money, or disrupt schools’ ability to operate. Recently, schools have been regularly targeted with the following three types of cyberattacks to achieve these goals.
Phishing emails are messages that appear to come from trustworthy sites or figures of authority attempting to get the recipient to send personal or financial information. Recent examples include cybercriminals posing as student loan companies, as well as officials claiming to need the W-2 tax information of employees.
Education is the sector most commonly targeted with ransomware. While 5.9 percent of government agencies have been targeted by ransomware, and 3.5 percent healthcare providers, 13 percent of education institutions have experienced ransomware attacks. Ransomware is a form of malware that encrypts files until a ransom has been paid. Ransomware is typically disseminated through malicious links or attachments to emails, which is why schools should employ a secure email gateway.
Distributed denial of service attacks are used to halt operations by flooding a school’s bandwidth with requests, causing the system to slow or crash, thereby keeping students, staff, and faculty from accessing the network. As schools have increased their digital offerings and students are more reliant on connected devices, DDoS attacks have the ability to hamper every aspect of educational operations.
2. Limited IT Resources
Another cybersecurity challenge schools face when protecting their networks from attacks is a lack of IT resources. The current cybersecurity skills gap means there is a shortage of available professionals equipped to deal with the threat landscape schools face. It’s impossible for the limited IT resources and personnel at schools to monitor every device and request to the network. As even more devices require access to the network, carrying applications with varying degrees of security, and digital transformation moves infrastructure and resources to the cloud, IT teams will need to incorporate security solutions that provide network visibility across distributed environments combined with automation if they want to keep pace with cybercriminals.
Legacy IT infrastructure is another area that can put schools at risk of an attack. IT teams have to ensure that older hardware and solutions have the most recent updates, or if they are no longer supported by vendors, must be updated with modern equivalents. In complex and highly distributed networks, however, patch and replace programs can be very resource intensive.
3. Building Cyber Aware Culture
Finally, schools must focus on the lack of awareness had by both students and staff of cyber threats. IT teams should encourage cybersecurity culture training to make each person who connects to the network aware of cyber risks, especially phishing and ransomware. This would encourage users to think twice before clicking on an unknown link or attachment, or to double check the sender of an email requesting personal or account information. Additionally, schools could educate students and staff on the importance of regularly updating devices and applications to ensure they have applied the most recent security patches to potentially insecure code.
Technology use in education will only continue to grow, and with it, the attack surface that makes schools vulnerable. To enable technology use and the innovation it provides without compromising security, schools must be aware of – and strategize to mitigate – these three top cybersecurity challenges.
Read more about how Fortinet secures today’s educational institutions from K-12 as well as Higher Education.
Watch how ASU Research mitigated cyber threats to research data with Fortinet.
Watch how Merced Union High School District’s innovative approach to learning changed everything with Fortinet.
For more broader information, download our paper and learn about the top threats that security leaders are being forced to address and the security approaches to evalutate to protect against them.