Educating the education sector on cybersecurity

The education sector is built on the foundation of creating opportunities and building knowledge for students of all ages. However, the sector itself also needs to learn and develop — many institutions don’t adequately reduce the risk associated with cyber threats, as was demonstrated recently with Queensland University of Technology’s breach. While all industries need to understand the importance of cybersecurity, it should be an integral part of the organisation when the livelihoods and personal data of staff, students and parents are at risk.

If an education institution hasn’t developed a strong cybersecurity posture, personally identifiable information (PII) such as student addresses, parent phone numbers or even a parent’s financial details can all fall into the wrong hands. That is why the education sector needs to focus on how to reduce its attack surface and how to respond quickly and effectively to threats.

The education sector is getting schooled by cyber threats

The education sector continues to be a prime target for cybercriminals. Sophos’s State of Ransomware in Education 2022 report found it is increasingly being hit by ransomware, with 60% of institutions suffering attacks in 2021 (compared to 44% the year before). Although not the most lucrative target for cybercriminals to attack, education organisations often have a weak cybersecurity infrastructure and are a goldmine for PII. Education institutions are less likely than others to detect in-progress attacks, which leads to higher attack success.

Unfortunately, the challenges do not stop there for the education sector. Sophos research found recovery remains a substantial issue, as the industry suffers the most impact from ransomware attacks. 94% of lower education and 97% of higher education respondents reported that attacks impacted their ability to operate, and as a whole, the industry reported the longest recovery time across all sectors. Furthermore, despite institutions paying the ransom 99% of the time, only 2% recovered all their data when doing so. When handling such precious information, the ability to recover quickly from threats is a necessity for the education sector moving forward.

How can education institutions harden their defences?

The education sector needs to bolster its cybersecurity posture, especially as threats continue to evolve in strength and complexity. For educational institutions, a balance of strong cyber-attack prevention with efficient response and mitigation needs to be actualised. Education institutions need to look to:

Reduce their attack surface

Cyber threats are looking to attack organisations from all angles and endpoints. For schools and universities especially, their dispersed network of student and teacher devices means a scattered range of endpoints needs to be protected.

Institutions should consider investing in cybersecurity as a service, to ensure they are protected 24/7. These third-party solutions such as managed detection and response services mean that cybersecurity experts proactively monitor the school environment, freeing up principals to focus on education with confidence their systems will not be breached.

For even stronger defence, institutions should educate students, staff and parents on cyber best practices through regular training programs and exercises. This helps them to better identify scams when they reach their inbox or smartphone, know what to do when one is received and ensure all-round good cyber hygiene.

Recover quickly from cyber threats

Recovery needs to be the key focus for the education sector and to successfully respond to and mitigate a successful cyber attack, a combination of education, best practices and technology solutions is needed.

Responding to a cyber attack begins before one has even occurred — institutions need to develop an incident response plan, as attacks can become overwhelming very quickly. Incident response plans will help determine the severity of the attack and correctly assign roles and responsibilities for the recovery process.

Key elements for a strong incident response plan include agility and adaptiveness to the changing threat landscape, proactive threat hunting and scanning so institutions can respond as quickly as possible and the implementation of third-party help. Institutions can also look to outsource and implement threat-hunting professionals and software, to ensure quick and accurate notifications and responses.

For institutions that manage PII for thousands of students, staff and parents, protection is critical. The education sector continues to be slow to respond to cyber attacks; however, when using the right technology and practices, the industry will be able to harden its defences by reducing attack surfaces and correctly mitigating threats. Education is always needed, especially for cybersecurity.

Image credit: iStock.com/sefa ozel