An entire US state declared an emergency last year after a series of hacks on its schools. This incident isn’t an outlier. Across the world, the number of cyber attacks targeting schools dramatically increased in 2019, according to UK and US numbers.
So, what makes education institutes such attractive targets for hackers? Young and uninformed users, along with relatively lax network security, could be some factors. Many children today use the internet without first understanding cyber risks, and school networks have historically been more open than those of, say, banks and financial institutions.
Now, with lessons shifting online, schools are becoming increasingly vulnerable to cyber attacks. Security firm CyberArk takes a look at what schools can do to protect their students, staff and servers.
What happens when schools are hacked
Cyber attacks are never good news, but they hit particularly hard when schools are targeted. The victims are a highly vulnerable group of people, and hackers can access all sorts of sensitive information, including socioeconomic status, learning disabilities, financial records and family contact details.
Around the world, schools and their students have fallen victim to cyber attacks. Some schools in Hong Kong were hacked last year, potentially exposing examination records and personal information of students, parents and teachers. In 2016, hackers got hold of the names, NRIC numbers, addresses and contact numbers of almost 50,000 people in a junior college in Singapore. In a recent attack, York University in the UK had to shut down its internet connection and many of its online services to limit the impact.
The damage isn’t limited to the data leaks. Some of the schools in Louisiana had to pay hundreds of thousands of dollars to retrieve the files stolen by hackers. Denmark’s University of Maastricht paid hackers US$220,000 worth of cryptocurrency late last year to regain access to its email system and computers.
What can be done?
What can education institutes do to protect themselves from hacking attempts? Budiman Tsjin, Solutions Engineering Manager, ASEAN from security firm CyberArk, sets out two things that can be done.
1. Teach and prepare students
First, schools should give cybersecurity lessons to teach students how to recognise and deal with cyber threats. Younger students in particular may not be wary enough of strangers they meet on the internet, or of new softwares they are downloading, explains Tsjin.
Moving lessons online also means students all have an Internet-enabled device, and constantly connected. “The implications can be quite wide as they may cross-infect their classmates as they share infected files or unknown phishing links,” Tsjin says. “This is on top of them losing their school homework, notes, or even having their various web accounts getting compromised.”
Schools in Singapore already teach cybersecurity as part of their syllabus and keeping up with the latest trends, while countries such as Spain, Argentina and Mexico have raised the importance of making cybersecurity a mandatory part of the curriculum.
Outside of the standardised national curriculum, there are projects that teach cybersecurity to schools. Voluntary initiatives hold day camps and provide free resources for students across the US, the UK and Israel, according to the World Economic Forum.
2. Protect the network
There’s another thing schools must do: protect their networks by securing ‘endpoints’. This includes any device that could give access to the network, like laptops, smartphones, tablets and sensors. “Protective control must be in place to allow known good software to be installed and run, known bad software to be blocked, and unknown software to be restricted,” explains Tsjin. “By protecting the endpoint securely, this will reduce the risk of running and getting infected with malicious software.”
For this to happen, schools need to be able to block and contain attacks, so hackers don’t gain access to an entire network through just one compromised account or device. This makes it harder for hackers to steal or lock up important information for ransom.
CyberArk makes this process easier. With their Endpoint Privilege Manager (EPM) solution, cyber response teams can easily control how much information an account is authorised to access. EPM helps ensure that users have access only to the resources they need for their routine work – an approach known as ‘least privilege’.
It also allows organisations to block and contain attacks at the endpoint. It alerts security teams to enforce granular least privilege policies for IT administrators, helping organisations effectively segregate duties on Windows servers, and reduce the risk of cyber threats.
Schools have been left to the mercy of hackers, and that has to change. As school servers take on more information with online learning, it’s crucial to prepare students for the risks online, and to reinforce network protection.