As seen on eSchool News

Don’t wait to secure your endpoints from cyberattacks

Understanding risks that your endpoints face is key to knowing how to mitigate these risks and keep information and systems safe
By Bob Turner, Field CISO for Education, Fortinet
September 21st, 2022

As we enter a new school year, among the myriad things that instructors and administrators need to be concerned about, ransomware remains high on the list. According to the K-12 Security Information Exchange, there were 166 publicly disclosed cyber incidents affecting 162 school districts across 38 states during the 2021 calendar year.

The rise of remote learning and the use of more devices come with a price – more endpoints mean more opportunities for potential exploitation. This isn’t a new refrain, but we continue to see challenges facing endpoint security. Cyberattacks against schools can result in closures, not to mention high and unbudgeted remediation and recovery costs.

School districts are already grappling with one of the hardest missions out there – educating our youth – and having to worry about a potential data breach can’t take away from this. Fortunately, in this situation, knowledge is power. Understanding the potential risks that your endpoints face is key to knowing what needs to happen to mitigate these risks and keep your information and systems safe.

A proliferation of endpoints

Any device or application connected to your network is an endpoint. And the more technologically connected school districts become, the more endpoints there are. Even prior to the COVID-19 pandemic, the number of easily exploited endpoint devices connected to the networks was rapidly growing. Since then, the number has continued to increase as districts enabled remote learning and work options.

Do your teachers have tablet computers or iPads they use in the classroom and sometimes take off-site? Those are endpoints. Does your district allow teachers and staff to connect to the network using their personal devices? More endpoints.

One of the greatest threats to any network is endpoints that aren’t within the control of the network – such as when teachers take their mobile devices home or when district staff connect external drives and personal devices to a district’s network. Anytime a device is connecting – but isn’t securely and permanently attached to the network – it introduces risk that the device could bring an attack into the network.

Exploit trends show endpoints are still irresistible targets

Endpoints remain key vectors of attack as adversaries continue to target the growing attack surface. Many exploits of vulnerabilities at the endpoint involved unauthorized users gaining access to a system with the goal of using lateral movement to get deeper into the networks.

Vulnerability management and remediation are some of the most challenging problems for any organization to tackle, and multiple solutions, watchlists and warnings are specifically designed to help companies, organizations and end-users patch their software against known security vulnerabilities. However, even with the tools available and IT teams forewarned with up-to-date information, this doesn’t always happen in a timely manner – if at all. IT teams at school districts are often grappling with outdated software, overburdened IT professionals and understaffed teams, which all exacerbate the challenge. And unfortunately, threat actors know this.

Researchers looked at endpoint vulnerabilities for the first half of 2022 by volume and detections. What they found is a relentless stream of cyber criminals attempting to gain access by exploiting both old and new vulnerabilities. In fact, some of those vulnerabilities are almost five years old and they are still being exploited. For instance, the vulnerability tracked as CVE-2017-0199, which impacts certain Microsoft solutions, continues to be exploited even though official patches have been available for quite some time.

Patching the problems

Patching is not fun work. It’s often mundane and tedious, but extremely important to do. Being late, inconsistent, or sloppy in applying patches presents an opening to threat actors seeking an exploitable foothold.

What’s also needed is advanced endpoint technology, which can help mitigate and effectively remediate infected devices at an early stage of an attack. An endpoint detection and response solution should provide:

  • Secure remote access and remote web filtering: This allows students and staff to gain access to district resources without compromising network security.
  • Enhanced endpoint visibility and resilience: Complete visibility over all endpoint devices connected to the district or school’s network is essential for IT teams and will help them ensure each of these devices is resilient against potential threats.
  • Improved threat protection: Ransomware and other cyber-attacks aren’t going away, so IT teams must take proactive steps to ensure resources stay protected and schools can continue to operate effectively, whether remotely or in-person.

Improved security helps keep focus on education

There’s no getting around it: teachers and administrators have a really challenging job to do. Budgets are often limited, they’re dealing with a constant array of curriculum changes and staffing shortages, and the COVID-19 pandemic hit schools especially hard. The last thing schools need to be worried about is cybersecurity incidents that can further take time away from educating students. Ensuring your district is using best-of-breed endpoint security solutions will go a long way in keeping your networks safe and protected.

About the Author:

Bob Turner has years of experience as a higher education executive, board member, and thought leader with a focus on cybersecurity strategy and leadership, information assurance and business continuity planning, and information technology management. At Fortinet, he is the CISO for K-12 and higher education, acting as a senior-level strategic business and technical advisor for the cybersecurity community and business executives. Previously, Turner was a cybersecurity executive and Director of the Office of Cybersecurity reporting to the Chief Information Officer/Vice Provost for Information Technology at the University of Wisconsin at Madison. There, he built a cybersecurity team of 60+ cybersecurity experts delivering all cybersecurity services, and improved university IT policy development by working with distributed IT and faculty governance groups to ensure a cohesive approach to IT policy, governance, audit, and cybersecurity operations.