Educational Organisations Continue to be Victims of Cybersecurity Attacks in 2017

Posted by Geraldine Hunt on Mon, Mar 13th, 2017

When we visualize the types of industries that are victimized by cybersecurity attacks, we often think of banks and financial institutions, healthcare organizations, law firms or any large corporation with deep pockets.  Yet the education industry, both K12 and higher education, are increasingly victimized as well. 

There are a number of reasons for this:

• Increased traffic generated by users as many school districts are now implementing one-to-one programs in which every student receives some type of computing device such as a Windows 10 laptop or a Chrome tablet.  Some threats such as ransomware are opportunistic types of attacks.  These attacks are not targeted but instead are generated from the actions of a user such as the visiting a drive-by website or the clicking of an email attachment or embedded link that was sent out in mass scale email.  Thus, the more time users spend on their devices, the more susceptible they are to opportunistic attacks.
• Many school systems and universities have more computer resources than many corporations, yet have IT staffs a fraction of the size of their corporate counterparts.  In addition, educational institutions contain treasure troves of personal data on thousands of students and faculty that include birth dates, social security numbers and even health records.
• The K12 user base is made up of minors who are more susceptible to social engineering attacks.  Though college students are somewhat wiser to cyber threats, they are inclined to fall for phishing attacks involving employment opportunities, college loan scams and other schemes that are targeted specifically to focus on areas causing them great stress and anxiety.
• Educational institutions are often interlaced with other government agencies for information-sharing purposes.  Because the security at school systems and colleges is often not robust enough to detect cyber threats, they are targeted by cybercriminals as a back door means of infiltrating other organizations of greater value.
• Colleges and Universities contain large silos of intellectual property generated by faculty research that can be of great value on the open market.
• Due to the increased pressure of obtaining scholarships, grants and employment opportunities, educational institutions are increasingly being attacked by their own students in attempts to alter grades or to simply cause disruption and chaos.
• The faculty and staff of educational institutions have been sheltered from the barrage of cyber threats that have been targeted upon the private sector for many years now.  Because of this, the enforcement of basic security policies such as forcing users to change their passwords is often met with resistance and objections, discouraging the proposition of future security improvements.

Some of the more publicized attacks involving educational institutions in 2017 include:

Los Angeles Valley College

This community college paid a bitcoin ransom of $28,000 after falling victim to a ransomware attack that locked up much of its network infrastructure including its email and voice mail systems.  It paid the ransom on January 4th and fortunately, the criminals did send the decryption keys, which worked, allowing a full data restore.

Horry County Schools in South Carolina

This district that serves nearly 43,000 students was hit by ransomware in early February and was completely shut down for a week, forcing a school system that is highly reliant on technology to resort to pen and paper.  School administrators agreed to pay $8,500 in ransomware to recover the data in a timely fashion.

College of Southern Idaho

This community college fell victim to a popular W-2 phishing scam in which the employee records of over 2,500 employees were compromised.  Some of the information obtained by the hackers included employee addresses, wages and social security numbers.

Northside Independent School District

The largest school system in San Antonio, Texas fell victim to a large security breach that compromised the records of over 23,000 former students and employees

South Washington County Schools

In January, this Minnesota school district discovered that one of its students had hacked an internal server and downloaded over 15,000 employee records onto an external hard drive.  Fortunately, the student was unable to share the contents of the download before being apprehended.

Unfortunately, today, no individual or organization is immune from the threat of cyberattacks.  Although financial losses are a primary concern, there are many other factors that can affect a school long after the story is no longer headline news.  Data breaches can deter a university’s ability to access the digital information and research of other organizations and institutions.  A K12 district could lose the support of the community to fund future technology initiatives.  In addition, the consequences of stolen user credentials is no different than the breaches that affect large media sites like Yahoo. 

There is a fine-balance on what has to be allowed and what security measures can be put into place. Security in all educational organisations is a trade-off between the likelihood and potential impact of an attack and the financial cost or loss of utility that are incurred in defence.

One successful approach has been to segment and partition campus networks as much as possible so that the most sensitive and valuable data can be protected adequately while allowing for relatively open parts of the network to support educational and research needs. This can be complex and requires detailed risk analysis, management prioritization and associated security measures.

Are you an IT professional at a school, that wants to ensure sensitive school, student, and staff data and devices are protected?  Talk to a specialist or  Email us at info@titanhq.com with any questions.