eSchool Media

Digital transformation increases cyber risks in education

By Anthony Giandomenico
Senior Security Strategist and Office of the CTO, Fortinet
August 28th, 2019

School systems going through digital transformation have a growing need for comprehensive network security. Learn how the threat intelligence provided in Fortinet’s Q1 2019 Threat Landscape report can help.

As the popularity of digital learning continues to grow, securing educational data and systems has become increasingly imperative. According to a recent report, 98 percent of school districts in America now take advantage of digital learning within their curriculum. Further, internet access within schools is growing, with 40.7 million more students now having access to high-speed internet than in 2013. However, to reach the FCC’s 1 Mbps/student goal, most organizations still need to increase their bandwidth, which in turn means increasing their attack surface.

The widening attack surface within the education sector calls for an increase in cybersecurity awareness. In order to aid educational organizations with their growing need for network security, Fortinet shares foundational threat intelligence on a quarterly basis in our Threat Landscape Report. In Q1 of 2019, FortiGuard Labs highlighted a number of threats that school systems should be aware of, including new ransomware, phishing, and DDoS attacks.

Cyber threats for education systems to track

As school systems go through digital transformation, they will face a growing number of security vulnerabilities that go hand-in-hand with trends like BYOD, data collection, and the need for increased bandwidth—all opening the door for a number of cyberthreats.

In the Q1 2019 Threat Report, the FortiGuard Labs team found ransomware, phishing schemes, and DDoS attacks to be prevalent attack vectors. In order for educational institutions to protect their networks, it is important that security teams start by understanding the systems these threats are targeting so they can be sure they are leveraging the right tools to protect against these attacks.

Targeted ransomware

Data reported in Q1 2019 suggests that threat actors are continuing to move toward more targeted ransomware campaigns. Multiple attacks reported during the quarter documented malware that disrupted operations and prevented file restoration in order to extort information and ransom payments from victims.

Many of these attacks seemed to be highly targeted. For example, a LockerGoga attack utilized malware that required administrative rights, and yet used a very low level of obfuscation to avoid detection. This suggests that the attacker had analyzed the victim’s network and had gained some sort of privileged access before running the attack.

Such tailored and targeted threats require more tailored and targeted defenses within education systems. Therefore, it’s recommended that school systems take an integrated, architectural approach to security, starting with incorporating NGFWs and web filtering solutions, and then implementing a comprehensive strategy that includes access control, intent-based segmentation, and centralized management. This will enable safe eLearning and keep students and staff secured from attacks and unknown threats.

Phishing schemes

Phishing attacks – often carried out via email – can result in the disclosure of personal data of students and staff. Data from FortiGuard Web Filtering Services revealed that an overwhelming majority of blocks to malicious, hacked, or inappropriate websites in Q1 occurred during the exploit and control phases of the Cyber Kill Chain. This makes sense because the devices, intentionally or unintentionally visiting these malicious URLs, are often directed there via phishing attacks for the purpose of exploitation.

This distinction seems to suggest that pre-compromise activity is 3 times more likely to occur during the workweek, when students are at school. This could be due to the fact that phishing exploits often require users to click on something. So, it is suggested that school systems differentiate weekday and weekend web filtering practices.

DDoS attacks

As social media continues to boom in popularity, especially among younger generations, content management systems (CMS) and development frameworks like ThinkPHP have been acting to meet the demand for the creation of more social-savvy websites. However, many of these tools have vulnerabilities that threat actors are taking advantage of using DDoS attacks, malware distribution, and botnets.

In order to protect education networks from DDoS and like attacks and ensure the constant uptime required of digital curriculums, it’s important to collectively practice sound security hygiene and stay aware of the vulnerabilities that can be targeted within lesser-known technologies.

Final thoughts

As educational institutions increasingly adopt internet-enabled educational tools to support digital transformation and deliver engaging and meaningful learning opportunities to students, they face innumerable IT challenges. Fulfilling the need for comprehensive network security within these environments, coupled with the rising popularity of bring your own device (BYOD) strategies and the requirement to fulfill compliance standards can be difficult to achieve with a limited budget.

By staying up to date with advanced threat intelligence, like that found in FortiGuard Labs’ Quarterly Threat Landscape Report, and investing in cost-effective security solutions, like NGFWs and web filtering solutions, school systems can keep their students and faculty safe while simultaneously enabling modern eLearning and digital education tools.

To learn more about the threats prevalent in today’s cyber landscape, read the full Q1 2019 Quarterly Threat Landscape Report.

Our 250+ Clients Include