Cyberattacks continue to rise, threatening the educational sector
As the 2022-2023 school year looms, so do ongoing cyber threats directly targeting schools, universities and school district administrations.
In 2021, there was an average of over 1500 attacks on education and research organizations per week, and these numbers are expected to continue to rise through 2022.
The educational sector is massive and varied to begin with: it reaches urban, suburban, and rural areas, and spans varied populations of students, faculty, staff and alumni with varying amounts of awareness about cybersecurity. This heterogeneous population often makes applying consistent cybersecurity policies a challenge.
The spike in attacks on education has also been exacerbated by the pandemic-fueled shift to online learning technologies. As IT departments needed to pivot rapidly to digital platforms, the number of possible cyber entry points increased.
Why are educational institutions being targeted?
There are a few reasons schools and universities are the perfect targets for cyber criminals.
- A Glut of Data
Schools of all sizes are hotbeds of personal data. Student, teacher, administrator, and staff data is usually all stored in a single network. Other industries (like the financial sector) may offer better payouts but often mount a better cyber defense. Educational institutions, on the other hand, are often extremely vulnerable. Cyber risk is still not being managed as the huge threat it is.
- Home-made Entry Points
While the majority of lockdowns are in the past, the entire landscape of folks working and learning from home has changed. The combination of working from home (WFH) and digital learning means shared, unsecured networks.
Shared and unsecured home networks are also targets for cybercriminals. At-home networks where both children and parents are accessing the same systems for a combination of work, education, and entertainment often mean a messy and easy-to-breach situation. When one person using the network has their password stolen, or clicks a phishing link by mistake, it has the potential to affect other accounts. Cybercriminals are eager to use credentials for one account to access others.
- Lagging Software and Resources
Many educational institutions already suffer from a lack of funding and a lack of support for technological investment. IT departments may not have the resources to properly secure their fleet of devices—often, students of all ages are using out-of-date equipment. The threat is compounded because old software is no longer eligible for security patches or tech support, making entry into systems even easier as time passes.
What to Do
Educational institutions of all sizes must allocate funds and time to cybersecurity concerns and defenses. Requesting budget increases, reallocating existing funds, and, when possible, investing in defensive solutions is the path forward.
Institutions like NIST can provide IT teams at educational facilities with a set of guidelines to help with best practices, such as driving better password hygiene. Given that upwards of 60% of data breaches involve stolen credentials, focusing on strengthening the password layer can rapidly address vulnerabilities for an educational organization.
The vast majority of people—teachers, students, and administrators included—reuse passwords across many accounts. Cybercriminals are wise to this, and to the many easy patterns most users choose for their passwords, so this layer is a priority.
Fortunately, scanning for compromised credentials is an effective way for IT teams to evaluate and improve password hygiene. IT teams previously had little visibility into the problem of password reuse. Now they have a way to quickly detect unsafe credentials, a problem at the root of the majority of hacking-related attacks.