By Tamer Odeh, Regional Director at SentinelOne in the Middle East
The new normal has clearly defined the need for educational institutions to make cybersecurity a priority. Despite schools being closed as lockdowns were implemented across the world, the frequency of cyber-attacks has increased as education has gone online. Cyber-attacks can cause major disruption to schools’ operations, and in some cases downtime can last for more than a day. Educational institutions are entrusted with students’ safety, and a breach in the school’s security, or weak cybersecurity infrastructure, can compromise that trust. Cybersecurity infrastructure in education is focused on protecting against financial loss and preventing disruption, and it is also crucial for protecting students from harm.
Education venues are subject to a very diverse array of cyber-attacks. These institutions vary in size, and the cyber threats they face vary too. Institutions need to evaluate these risks and understand them completely to be able to address them. Data theft is the most common type of attack affecting the education sector at all levels. Schools and universities hold students’ data and sensitive details, which are valuable to cybercriminals for several reasons. This information can be exploited or sold to a third party. Coupled with enticing rewards is the fact that students make for easy victims of phishing scams. Students’ lack of experience, combined with a tendency to use simple passwords across multiple services, makes them prone to credential harvesting and password-spraying attacks. In March last year, a British school in Dubai faced such a cyber-attack on its network, but it was dealt with proactively. Compromised accounts were identified, and ambiguous URL links were blocked. As a result, the hackers gained very limited access, and the system resisted further attempts to circumvent the additional layers of its network security.
Distributed Denial of Service (DDoS) attacks are also a common type of attack at all levels of the education sector. In this type of attack, cybercriminals can cause widespread disruption to the institution’s network, greatly affecting schools’ normal operations. These are also the most common type of attack, but the most concerning aspect of this type of attack is that hackers go unnoticed for long periods.
Financial gain is another motive for hackers to carry out an attack. Public and private institutions manage a large amount of cash, which is a prime target for cybercriminals. Without proper protection or preparation on the part of educational institutions, this presents a weak spot for cybercriminals to exploit.
Lastly, espionage is a crime that threatens an institution’s intellectual property, as most universities and higher institutions are research centers as well. It is not only schools that are being targeted for espionage. Higher education institutions are also vulnerable to cyber-attacks. Several universities and colleges have suffered from ransomware attacks, information leaks, and email hacking in the past year. Unlike schools, universities and academic institutes are also being targeted by more sophisticated attackers interested in stealing the intellectual property (IP) and research data produced there.
Understanding these crimes and cybercriminals’ motives behind them can help us identify ways to protect against them. In the absence of the kind of dedicated resources typically found in other sectors, such as security operations center (SOC) teams, in-house red teamers or penetration testers, the defense systems installed in educational organizations carry a greater burden and must deal effectively with threats. A solution that can autonomously detect and respond to attacks can help mitigate the lack of human resources, so that the intervention of professionals is required only in the event of a particularly severe attack.
In the case of ransomware, the source of the attack is most likely to be contained in an infected file sent via email. In such cases, the endpoint detection and response (EDR) protection system must identify the file as soon as it tries to install itself on the endpoint, disable it and delete it from this and all other endpoints across the organization. This will stop the attack at the infection phase and prevent the loss of services in the educational institution. Similarly, a solution that can roll back a device to a healthy state, including decrypting encrypted files, should be high on the institution’s security shopping list.
Moreover, schools and academia are in the crosshairs of cybercriminals and will continue to be so for the foreseeable future. But educational institutions can also offer some hope of future relief. Policymakers understand that cyber education should start at an early age and that educating young people about cybersecurity could lead to them, one day, becoming cybersecurity professionals, so badly needed in the industry nowadays.
The Ministry of Interior and the National Programme for Happiness and Wellbeing of the UAE launched the ‘Child Digital Safety’ initiative in March 2018, a joint effort to raise awareness among children and school students about online threats and challenges, and to promote the safe use of the internet. This initiative also helps raise awareness amongst parents and educators with solutions and global best practices that can be used to address these challenges and increase digital safety to create a safer learning environment.
Similar programs in other countries could eventually improve individuals’ resilience and help curb the explosion of cybercrime. They would also produce young adults who are proficient in cybersecurity and will naturally be inclined to join the industry upon graduation.
The importance of protecting our education system from cyber-crime, especially post-COVID, cannot be overstated. Not only do schools, colleges, and universities provide vital services to our society and economy, they are also rich treasure troves of sensitive data. From personal information like birth records, educational history, social security numbers, and financial data to intellectual property and cutting-edge research, the data held by these organizations is among the most useful to cybercriminals and advanced threat actors. And yet, these storehouses of precious data are perhaps among the least well-defended and most under-funded in terms of cybersecurity. As a result, administrators and policy makers must address these shortcomings as a matter of urgency.