Oh, yeah. Oooh, ahhh, that's how it always starts. Then later there's running and um, screaming...
- Dr. Ian Malcolm
In the past years, if Security risk was an archaeological site, Education would be found at the bottom of the dig, i.e., as industrites go, Education was the least vulnerable. This was primarily due to the low motivating goals for the hacking endeavors:
- Disrupt school operations;
- Harm or otherwise take advantage of individuals associated with schools; and
- Disable, compromise, and/or re-direct school technology assets.
A New Threat on the Horizon…
The vulnerability geography has changed now with the focus on data. It doesn’t take a archaeological scientist to figure out that hitting data records, before they are surrounded
with state of the art security, is a immensely easier.
People forget that
there’s also the wealth of data that schools routinely collect on students and
store on their servers, from Names, Addresses, ID's, SSN, attendance records, to medical issues.
However, criminals don’t forget…
In 2013, about
15,000 students at Sachem School District in Long Island, New York, had
personal data, including school ID numbers and the names of those receiving
free or reduced lunches, posted to an online forum.
In Jersey City, New
Jersey, a charter school last June was able to obtain names, addresses, phone
numbers, dates of birth and possibly Social Security numbers of students
attending traditional public schools to mail them registration forms, according
to the Jersey Journal.
And teachers’ data,
including Social Security numbers, was compromised during an attack at Prince
George’s County public schools in Maryland — affecting 10,000 of the district’s
nearly 24,000 employees, the Washington Post reported last November.
“I don’t think
there’s a school district in America that doesn’t have important digital assets
sitting on a computer somewhere that needs to be protected,” said Michael
Kaiser, executive director of the National Cybersecurity Alliance. “We know
schools sometimes don’t like to report incidents. Responding right away and
bringing in law enforcement should be encouraged.”And this is just Education,
for a broader perspective see:
K12 Vulnerability Rising…
According to
Verizon’s 2016 Data Breach Investigations Report, the education sector ranked
sixth overall in the US for the total number of reported “security incidents”
last year. This was notably higher than two other industry sectors which have
also been plagued with security problems: healthcare (153 percent higher) and
retail (160 percent higher).
Why are the Schools so Vulnerable?
These are five of
the biggest threats to network security facing K-12 school districts in the
coming year. By focusing on these key factors, you’ll be able to make a smarter
decision about where to focus your attention during the summer months full of
new projects.
I. Legacy
infrastructure:
Outdated infrastructure continues to be one of the greatest threats to ensuring network security today. Maintaining on-premise servers leaves schools vulnerable if their network is compromised. Older hardware may also have security flaws that can be manipulated and used as a foothold to go deeper into your network. Migrating to a cloud-based system will provide a number of benefits, including the protection of student body PII (personally identifiable information).
Outdated infrastructure continues to be one of the greatest threats to ensuring network security today. Maintaining on-premise servers leaves schools vulnerable if their network is compromised. Older hardware may also have security flaws that can be manipulated and used as a foothold to go deeper into your network. Migrating to a cloud-based system will provide a number of benefits, including the protection of student body PII (personally identifiable information).
II. Cyberattacks:
Cyberattacks are the greatest external threat posed to network security. Unfortunately, the scale and complexity of these attacks continue to increase at a torrid pace. But procuring basic antivirus software won’t be enough. Instead, you’ve got to layer your security strategy with advanced and customized solutions that will protect against DDoS, ransomware and a wide variety of other malicious attacks.
Cyberattacks are the greatest external threat posed to network security. Unfortunately, the scale and complexity of these attacks continue to increase at a torrid pace. But procuring basic antivirus software won’t be enough. Instead, you’ve got to layer your security strategy with advanced and customized solutions that will protect against DDoS, ransomware and a wide variety of other malicious attacks.
A lack of funding is certainly a challenge to any administrator interested in beefing up network security. But after most school districts began seeing their funding cut during the 2008 recession, much of that money has yet to make its way back into the education system. This has made it more difficult to acquire top IT talent, as well as patch together an effective network security strategy.
IV. Lack
of training (Ironic, yes?):
An informed user is one of the most important parts of a successful network security strategy. Unfortunately, many of the people using computers in your schools—students and teachers— are not up-to-date on best practices for maintaining security online. Because your network is only as strong as your weakest link, it is critical to provide your student body with a wealth of resources and training to understand the impact of the actions they take online.
An informed user is one of the most important parts of a successful network security strategy. Unfortunately, many of the people using computers in your schools—students and teachers— are not up-to-date on best practices for maintaining security online. Because your network is only as strong as your weakest link, it is critical to provide your student body with a wealth of resources and training to understand the impact of the actions they take online.
V. Unsecured
technology:
Computers, laptops, tablets, phablets, and smartphones. Need we go on? The influx of connected technology into your schools is likely to continue again in the new school year. Each of these devices represents an infection point for malware and hackers to enter your network. Don’t let the new school year begin without having a series of safety nets in place to secure any new devices connecting to your network.
Computers, laptops, tablets, phablets, and smartphones. Need we go on? The influx of connected technology into your schools is likely to continue again in the new school year. Each of these devices represents an infection point for malware and hackers to enter your network. Don’t let the new school year begin without having a series of safety nets in place to secure any new devices connecting to your network.
What is the answer?
School
cybersecurity is a challenging issue, but it is possible to greatly reduce the
threats they face.
Although this won’t
be easy, schools have to invest in modern cybersecurity. A good benchmark is to
spend no less than 2.5 percent of the annual budget on IT security improvements
and modernization, although more is always better.
Most importantly,
however, schools have to do a better job of protecting sensitive data. Every
school system needs to determine what its most sensitive data is, map that data
throughout the network(s), and prioritize its security. There are multiple
steps needed to protect data, which include encryption, reduced access,
back-ups/resiliency, etc. Schools also need to consider the possibility of
eliminating sensitive data when possible. This will reduce the burden they face
for protecting so much information on multiple platforms. For instance, instead
of maintaining unique school system-based logins/passwords, outsource that step
to third-party enterprises with greater security resources.
While schools will
always be a top target for hackers, by prioritizing cybersecurity, investing in
updates each year and focusing heavily on data-level protection, schools can
reverse the current trend of large data breaches.
___________________________________________
Source(s)
___________________________________________
We would like to thank our sponsors, for without them - our fine content wouldn't be deliverable!
Source(s)
- https://www.edtechstrategies.com/blog/how-should-we-address-cybersecurity-threats-facing-k-12-schools/
- https://www.coxblue.com/the-five-biggest-threats-to-k-12-network-security-for-the-2017-18-school-year/
- http://www.huffingtonpost.com/entry/americas-schools-have-a-big-cybersecurity-problem_us_57bf0366e4b06384eb3e770b
- http://www.wasabiroll.com/2016/01/20-facts-that-may-keep-you-from.html?view=classic
- https://www.fedscoop.com/cybersecurity-in-k-12-education-schools-around-the-country-face-risk-of-cyber-attacks/
____________________________________________________________
About Rick Ricker
An IT professional with over 23 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.
For more information, contact Rick at (800) 399-6085 x502
No comments:
Post a Comment
Thanks for your input, your ideas, critiques, suggestions are always welcome...
- Wasabi Roll Staff