2018 was a challenging year for the cybersecurity industry, as tactics, traits and techniques continued to evolve, and there is an increasins focus on cybersecurity in schools. The modern cyber battlespace now includes schools, with huge increases in cyber hacks on schools from 2018-2019 alone. Schools have been found to be ‘soft targets’ in the cyber threat world due to having low to no cybersecurity strategy or protection.
Recently there have been a number of high-profile attacks on schools in the Asia-Pacific region. Countries affected include Australia, Japan, India and over 400 cybersecurity-related incidents involving U.S. public schools since 2016, according to the K-12 Cyber Incident Map. Within Australia and the K-12 school system, there has been a predominate focus on dealing with cyber-bullying, image-based abuse and irresponsible online behaviour. Classrooms are increasingly led by technology and are reliant on software applications, web-based platforms and mobile technologies to facilitate learning. This technology also serves as an entry point for illicit harvesting of personal identifiable information (PIIs), and unregulated third-party access.
Schools are major users of web-based platforms, digital technologies and data type management systems, holding sensitive and personal data for teachers, staff and students. Online collaborative tools, including learning management systems, gradebooks, and emails lack significant privacy controls, access management issues and poor password control.
Increased use of cloud services, POS terminals, tap-and-go technology, remote user access and social media platforms mean that schools are vulnerable to unauthorised access and security threats. Passive data collection by third-party vendors and hackers accessing CCTV camera systems on school grounds leave students and teachers exposed.
Schools and technology-led classrooms have become a gravy train for data mining, unregulated third-party access, geo-tagging and access control challenges. However, reliance upon digital technologies across K-12 to facilitate the core curriculum is prioritised. Schools are caught within the digital economy, where data is stretched across various platforms and devices.
Cyber Threats Continue To Grow And Evolve
As cybersecurity threats evolve, so must we. Not only regarding school cybersecurity, but also in general. Technology is continuously changing, and in turn the cyber threat is continuing to evolve due to the prevalence and sophistication of social engineering tactics, the multitude of smart-devices connecting to school networks, improved hacking abilities and motivations and overall poor cybersecurity.
According to Fortinet (a company which develops and markets cybersecurity software, appliances and services), the education sector has recently surpassed healthcare and government as the industry that suffers the most ransomware attacks. Last week a school in Los Angeles paid a huge sum of US$28,000 to regain access to key systems after being hit by a ransomware attack. Reports suggest US$1billion may have been generated from such scams in 2017.
A school in Geraldton, Western Australia, was hacked in July 2019, with the 4-day cybersecurity attack described as highly sophisticated and automated, and reportedly targeting other education institutions known for their financial services.
Another cybersecurity breach occurred recently at the Australian National University, which suffered a huge security breach. The University opened just one email, which instantly cracked the Australian National University’s network, giving sophisticated hackers access to a wealth of information.
Mitigating school cyber threats requires improved cyber resiliency awareness across all educational systems from preschools through to K-12 and universities, focusing on protection of student, parent, and staff personal information.
Agilient’s consultants are experts in cybersecurity strategy and policy, tailoring and managing each client’s unique cybersecurity needs. At Agilient, we specialise in a variety of cybersecurity services including Risk and Compliance management, Cyber Security Risk Management and Penetration Testing. Get in contact today to see how we can assist you in your business.
Author: Jasmin Harvey, Agilient Consultant.