Immanuel Chavoya is a threat detection and response strategist at SonicWall.
As the spring semester came to a close, a wave of high-profile cyberattacks hit multiple colleges and universities including Kellogg Community College, disrupting IT services and forcing schools to cancel classes and finals. This fall could very well be similar.
Higher education has long been a target for cyberattacks due to colleges' research programs with potentially valuable data. These institutions are also often considered an easy target due to the large number of users and entry points on college campuses. But attacks are on the rise, with a wave of incidents hitting colleges across the country in 2022. In fact, recent data from SonicWall revealed surging attacks across the board in the first half of the year, with the overall education industry seeing a 110% spike in IoT malware attacks and a 51% increase in ransomware — despite a global decline in ransomware attacks.
Over the last two years, cybersecurity concerns have come to the forefront for many industries, with governments and critical infrastructure operators taking new steps to secure their digital assets. As the education industry faces the same impacts of rising cybersecurity threats, it is critical that educational institutions take the following steps to invest in their security.
Adopt a security mindset
There are two security mindsets. One philosophy that has become popular over the past several years assumes bad actors will get in no matter what, so colleges and organizations should use network monitoring to identify and mitigate threats. The other philosophy involves guarding the perimeter to prevent bad actors from gaining access in the first place.
Both have merits. Guard the perimeter to make cybercriminals’ jobs more difficult, and monitor the network in case those protections aren’t enough. This is especially important for education institutions, given the vast number of devices on their networks.
Guard the perimeter
One of the most effective ways to guard the perimeter is to adopt a "zero trust" framework — requiring continuous authentication and validation of all users before allowing access to data and applications. This can be daunting for an educational institution with many users and small IT teams, but it’s essential to ensuring data remains secure and in the right hands.
Additionally, arm users with the right tools and knowledge to protect themselves. According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involve a human element, so humans, the users, are an important first line of defense and a critical component of your cybersecurity strategy. One way to set users up for success is to implement stronger password policies and multifactor authentication to add a layer of protection. This is particularly important since so many education tools run in the cloud and can be accessed from nearly anywhere with just a password.
It is also important to train users, including students, educators and staff, to watch out for signs of a cyberattack. One of the most common attacks they should be aware of is business email compromise, or BEC, a type of social engineering scam used to trick users into making fraudulent payments or handing over login credentials and other sensitive information. According to the Internet Crime Complaint Center, BEC attacks are the costliest, with 19,369 complaints from the American public and a total loss of $1.8 billion in 2020 alone. Training users to watch out for these and other common attacks will ensure they think twice before handing over the keys to the kingdom.
Secure and monitor networks and Wi-Fi
Wi-Fi powers learning for college campuses and K-12 schools alike, and it also serves as an easy gateway for malicious attacks. One way to improve Wi-Fi security is through a content filtering service that compares requested sites against databases to deny access to potentially harmful websites.
But guarding networks requires more than Wi-Fi security. Implementing a network monitoring solution is crucial to identify security threats and performance issues and ensure all systems are operating properly and securely. Equally important is network segmentation — dividing networks into smaller parts — so that cybercriminals can’t take down your entire network in the event of an attack.
Prepare an incident response and disaster recovery plan
With the uptick in cybercrime against educational institutions, it is only a matter of time before your school becomes a target. This makes incident response and disaster recovery planning crucial for education providers.
One of the most important steps to prepare for a breach is backing up critical data. This ensures that the mission-critical data is available even in the event of a breach — without paying a costly ransom. A proper plan should also inform educators and other users of what to do and who to go to in the event of a suspected cybersecurity incident so that IT and security teams can respond quickly and minimize damage.
If 2021 was any indication, the threats facing the education industry aren’t slowing down any time soon, with never-before-seen malware and other threats continuing to rise. But if education providers prepare, they can greatly improve their chances against cybercriminals.