It might surprise you to know that the education industry is a prime target for malicious hackers. While threats in this sector are on the rise, many education institutions are not prepared for a cyber attack nor do they know how to recover from one. In fact, there were 122 cyber attacks last year at 119 K-12 public education institutions, averaging out to an attack every three days. A 2018 Education Cybersecurity Report published by SecurityScorecard also found that of 17 industries, the education sector ranked dead last in total cybersecurity safety. Schools are leaving themselves open to student and faculty identity theft, stolen intellectual property, and extremely high cost data breach reconciliation. In fact, a study done by the Ponemon Institute shows the average cost of a data breach in the education sector is $141 per record leaked.
This industry faces some unique cybersecurity challenges:
- Historically, this industry is based on the free exchange of information, i.e the philosophy that information should be readily available to all. The use of computers and internet in education has allowed information to be stored and accessed in many different ways, creating vulnerabilities in storage, network security, and user error which leaves systems susceptible to hacks.
- Students and staff may have limited technical skills and prowess to know how to stay safe online.
- Online education systems are highly distributed across multiple schools in a district or across state lines, making it easier to infect one system to gain access to all.
- Computer systems used by schools often lack a single application, or “source of truth” to safely manage student and employee identities.
- There’s a significant change in the user population every year due to students graduating and new students enrolling, making it difficult to track who is using certain resources and who has access to them.
- Remote access is often required, with students and parents accessing systems from home computers and smartphones. When you access an online resource repeatedly from potentially vulnerable or unsecure networks, it creates more opportunity for hacks.
So how can educational institutions better protect themselves against looming cyber threats?
- Shift the focus to prevention instead of mitigation – by making the focus on securing data before an attack happens rather than after, organizations will be better prepared to protect students and staff against a breach.
- IT directors and security operators within educational institutions would be wise to consider persistent training solutions for their teams to optimize existing cyber skills so they don’t go “stale” after a period of time.
- Likewise, perform a security audit and work across departments to understand all the digital systems in place (financial, teacher, student portals, etc.) and where vulnerabilities might exist.
- HR departments of institutions should consider updating or adopting employee security awareness training to ensure every education-employed professional working on a computer understands the basics of cybersecurity and how to stay safe online.
- Minimize internal threats – Verizon’s 2019 Data Breach Investigations Report found that nearly 32% of breaches involved phishing and that human error was the causation in 21% of breaches. Proper and continued training and awareness around security issues is key in preventing possible attacks.
- Make cybersecurity a priority in IT budgeting – Schools and other educational institutions need to recognize the growing cyber threatscape and prioritize allocating funds to training tools, IT teams, and continued education for internal staff.
Circadence is here to help. Cybersecurity in the education sector is more important than ever, and our immersive, gamified cyber learning platform, Project Ares , can help ensure that your cyber team is ready to defend against malicious attacks. Our inCyt product (coming soon!) will keep everyone else in your organization up to snuff on cyber defense and offense. We pair gamification with prolonged learning methods to make learning and retaining cybersecurity tactics simple and fun for all. Don’t let your institution and students be next in line for a breach–think inCyt, and Project Ares when you think cybersecurity for the education sector!
If you’re still looking for more information on education and cybersecurity, check out this white paper: handy references: The Faces of Cyber Ranges: Tapping into Experiential Skill Building for Cybersecurity Teaching and Learning White Paper
Photo by Vasily Koloda on Unsplash