How Education Tackles Cybersecurity
With technology becoming a cornerstone of how many school districts operate, the risks of getting hacked multiplies, and defending against cyber-attacks becomes an important part of any strategic plan. A new report from the IBM X-Force finds attackers are drawn to the education sector owing to the sensitive nature of some emerging research projects and personally identifiable information on students, faculty and organizations associated with universities and schools.
Despite all of these risks, the education sector comes in at ninth place among the most targeted industries, according to the 2019 IBM X-Force Threat Intelligence Index 2019. The most attractive industries for hackers include finance and insurance, transportation services, retail and manufacturing.
There are many risks in the school environment ranging from having poor security protocols in place to dealing with a large network of users who can bring malware into their networks through personal devices or email. “Aside from nation-states, educational institutions may be targeted by financial criminals looking to take over bursary accounts and student identities. Another relevant threat [is] hacktivists looking to champion a cause by holding an institute for ransom or threatening to release stolen data,” the report finds.
By identifying the threats, the report argues that it can help institution craft better solutions. Emerging and relentless threats include:
-
Financially motivated cybercriminals and nation-state groups that target a wide range of industries.
-
Attackers who direct their efforts and use of cloud services and misconfigured cloud servers that expose customer and employee data.
-
The exploitation of an institution’s supply chain or third-party relationships that can allow hackers to gain access to their primary targets.
When it comes to remediating these attacks, IBM X-Force is suggesting that organizations should conduct mutual penetration testing along with automated scanning. Students and faculty should also be educated on phishing and malware efforts to help institutions mitigate these threats. Organizations should also be doing exercises to determine how to respond to simulated cyber attacks and continuously innovate and share ideas with other response teams to share successful practices.
The full report is available for download here.
About the Author
Sara Friedman is a reporter/producer for Campus Technology, THE Journal and STEAM Universe covering education policy and a wide range of other public-sector IT topics.
Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.
Friedman can be contacted at [email protected] or follow her on Twitter @SaraEFriedman.
Click here for previous articles by Friedman.