Critical security concerns for the education industry

Balancing cybersecurity & compliance requirements in a resource-limited industry

Executive summary

The education industry has become a top hacker target: birth certificates, Social Security numbers, medical records, financial data, biometrics and even intellectual property give cybercriminals ample motivation to access educational databases and sell this data on the black market.

Aside from the typical security challenges facing the industry like phishing and malware, students themselves present another level of risk. The same young minds challenged and stimulated in classrooms can become cyber offenders, since they usually have ample access to technology, spare time and, often, poor judgment concerning the consequence of their actions.

This may lead to undesirable situations, including improper online conduct or even complex and damaging issues such as fraud or cyberbullying. Organizations in the education industry failing to understand these risks as a natural part of business will probably discover — the hard way — how damaging security incidents can be to operations, finances and reputation.

In the following pages, we review critical security concerns facing the education industry and how security awareness training can help educational organizations increase their security posture and stay compliant.

Digital education and cyberthreats

Education, like other industry sectors, is going down the digital transformation pathway. The result is a mixed bag of digital measures to enhance and augment teaching. EdTech includes areas such as virtual reality, IoT and online learning portals; digital learning is increasingly interwoven with traditional learning.

With connectivity comes cybersecurity threats. The education sector is a target for a number of these cyberattacks, including:

Ransomware: In 2019, over 1,000 US public schools were victims of ransomware.[1] One school, Rockville Center School District, paid a ransom of $88,000 to receive a decryption code for ransomware-encrypted files.[2]

Trojans: Security vendor Malwarebytes found that education is the (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: