When we visualize the types of industries that are victimized by cybersecurity attacks, we often think of banks and financial institutions, healthcare organizations, law firms or any large corporation with deep pockets. Yet the education industry, both K12 and higher education, are increasingly victimized as well.
There are a number of reasons for this:
Some of the more publicized attacks involving educational institutions in 2017 include:
This community college paid a bitcoin ransom of $28,000 after falling victim to a ransomware attack that locked up much of its network infrastructure including its email and voice mail systems. It paid the ransom on January 4th and fortunately, the criminals did send the decryption keys, which worked, allowing a full data restore.
This district that serves nearly 43,000 students was hit by ransomware in early February and was completely shut down for a week, forcing a school system that is highly reliant on technology to resort to pen and paper. School administrators agreed to pay $8,500 in ransomware to recover the data in a timely fashion.
This community college fell victim to a popular W-2 phishing scam in which the employee records of over 2,500 employees were compromised. Some of the information obtained by the hackers included employee addresses, wages and social security numbers.
The largest school system in San Antonio, Texas fell victim to a large security breach that compromised the records of over 23,000 former students and employees
In January, this Minnesota school district discovered that one of its students had hacked an internal server and downloaded over 15,000 employee records onto an external hard drive. Fortunately, the student was unable to share the contents of the download before being apprehended.
Unfortunately, today, no individual or organization is immune from the threat of cyberattacks. Although financial losses are a primary concern, there are many other factors that can affect a school long after the story is no longer headline news. Data breaches can deter a university’s ability to access the digital information and research of other organizations and institutions. A K12 district could lose the support of the community to fund future technology initiatives. In addition, the consequences of stolen user credentials is no different than the breaches that affect large media sites like Yahoo.
There is a fine-balance on what has to be allowed and what security measures can be put into place. Security in all educational organisations is a trade-off between the likelihood and potential impact of an attack and the financial cost or loss of utility that are incurred in defence.
One successful approach has been to segment and partition campus networks as much as possible so that the most sensitive and valuable data can be protected adequately while allowing for relatively open parts of the network to support educational and research needs. This can be complex and requires detailed risk analysis, management prioritization and associated security measures.
Are you an IT professional at a school, that wants to ensure sensitive school, student, and staff data and devices are protected? Talk to a specialist or Email us at firstname.lastname@example.org with any questions.
Sign-up for email updates...