It’s no surprise that educational institutions are attractive targets for cybercrime. Restrictive budgets and small IT teams, combined with a sudden shift to remote learning due to the pandemic, create a perfect storm of opportunity for threat actors to deploy ransomware, malware and other malicious behavior.
Despite those challenges, there are a few things that IT leaders can do to secure educational institutions.
IT teams in the educational sector must deal with budgetary constraints, administrative politics, and a whole lot of red tape. Limited budget and staff are two of the biggest obstacles that prevent IT leaders from investing in cybersecurity.
Evaluating an educational institution’s tech budget is a complex process fraught with public scrutiny, which leads to most IT leaders in education operating on a shoestring budget. For example, IT leaders and administrators in education must account for operational IT spend as well as classroom edtech. They must also deal with pressure from public audits that may reveal mismanaged funds, backlash from prior investments, and spending on projects that don’t directly address students’ needs.
For educational institutions, cybersecurity spending must contend with a variety of other technology needs, including personalized learning, digital content, classroom technology, mobility, and infrastructure upgrades. Similar budgetary concerns also exist for both private and public universities and colleges.
And that doesn’t even account for Covid-19, which had a significant impact on educational institutions’ budgets. Distance or remote learning required more investment in edtech software like G Suite Enterprise for Education or Microsoft 365 Education, and uncertainty about state budgets created further challenges for prioritizing cybersecurity.
When it comes to cybersecurity in education, there are also staffing hurdles to overcome. It’s common, for example, for IT staff within educational institutions to have many responsibilities, from server maintenance and infrastructure upgrades to resolving helpdesk and support tickets. Only 18% of school districts have a dedicated, full-time staff member focused on cybersecurity, according to the Consortium for School Networking (COSN). Plus, lower budgets in education make it difficult to hire and retain cybersecurity talent without a competitive salary to offer.
Limited budgets and staffing mean that the educational sector has always been an attractive target for cybercriminals, but recent circumstances have worsened the issue. In 2020, the education sector experienced the highest level of ransomware attacks out of any industry, according to a Sophos study.
There are a variety of factors that make securing an educational institution a difficult task:
Sudden reliance on technology due to Covid-19. The rapid shift from in-person classroom learning to online learning made the education sector particularly vulnerable to adversaries. Educational institutions were forced to switch to virtual classrooms with short notice, which meant that there was little time to prepare security strategies or invest in new infrastructure. The pandemic also overloaded already stretched-thin IT staff as they supported staff and students adjusting to new technologies. 74% of IT teams in education said that cybersecurity workloads increased due to the pandemic, according to Sophos.
Due to the pandemic, IT leaders in education saw an increase in compromised email accounts, phishing emails and emails with malicious payloads, said Keith Bockwoldt, CIO of Hinsdale Township High School District 86, in a webinar. ‘Zoom bombing’ was an issue in the early days of the pandemic, although that has largely disappeared due to Zoom’s updates.
More devices = more attack surfaces. The number of endpoints is also increasing in educational institutions, increasing the attack surface for adversaries. Approximately ⅔ of middle and high school classrooms have 1:1 ratios for devices. Besides school-issued devices, most students and staff often connect their personal devices to the school network, which makes the environment particularly difficult to secure. Colleges, in particular, have many personal devices on their network, since students bring both personal laptops and mobile devices.
A treasure trove of valuable data. Schools have access to students’ personal information like names, ages and addresses that threat actors can sell on the dark web. According to Ponemon, educational records are worth up to $265 each on the black market. Plus, universities and colleges often have access to valuable intellectual property and research that is useful for espionage purposes.
Securing an educational institution can seem like a daunting task — especially as IT leaders in education juggle so many different priorities. Fortunately, IT leaders are aware that cybersecurity needs to be at the top of the list; for the third year in a row, cybersecurity was the top edtech priority for IT leaders, according to a COSN study.
There are some best practices that IT teams in education can follow, even with limited budgets and staff:
Prioritize end user training. IT and security teams should know about ransomware warning signs, but so should end users. Phishing emails that look legitimate but are embedded with malicious links or attachments are often the first step of a ransomware attack. Phishing attacks in education increased up to 9x from pre-Covid levels, according to COSN.
At a minimum, IT and security teams should inform staff and students about how to spot a phishing email. More formal security awareness training is even better, but an informal chat about what a phishing email can look like and what to do is a good first step.
Deploy Sysmon. When it comes to preventing ransomware, it’s important to have visibility into an environment. Endpoint detection and response (EDR) tools can achieve that, but they can also be expensive and out of the question for educational institutions with limited budgets. System Monitor (Sysmon for short) is a free Microsoft utility that small IT teams can use to get visibility into their environments. Sysmon is part of the Sysinternals software package and provides a higher level of event monitoring than the standard Windows logs. It records events such as network connections, process creations, file hashes, and changes to the Windows Registry.
At a minimum, IT leaders without the budget for an EDR solution should deploy Sysmon for enhanced logging that can provide a wealth of data about endpoints. Since Sysmon is free, it does require more care and feeding than a plug-and-play paid tool. IT must deploy updates as they are released and make configuration changes as necessary, but those tasks generally fall under the umbrella of standard patch management. Installing and configuring Sysmon is relatively easy and can be achieved in a few steps.
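The Sysmon deployment described above, as an added example that is not part of the original article: a PowerShell script that writes a minimal configuration covering the event types the article names (process creations with file hashes, network connections, Registry changes) and installs or updates Sysmon with it. The config path, the schema version, and the filter choices are assumptions for illustration; run it from an elevated prompt in the folder where Sysmon64.exe was extracted.

```powershell
# Added example, not from the original article.
# Assumes Sysmon64.exe (from the Sysinternals download) is in the current folder
# and that this prompt is elevated.
$configPath = "$env:ProgramData\sysmon-config.xml"   # hypothetical location

# Minimal config for the event types named in the article. An empty "exclude"
# rule logs every event of that type; Registry logging is narrowed to autorun
# keys. Logging every network connection is noisy, so add exclusions for known
# software before rolling this out widely.
$config = @'
<Sysmon schemaversion="4.50">
  <HashAlgorithms>SHA256</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="ProcessCreate" groupRelation="or">
      <ProcessCreate onmatch="exclude" />
    </RuleGroup>
    <RuleGroup name="NetworkConnect" groupRelation="or">
      <NetworkConnect onmatch="exclude" />
    </RuleGroup>
    <RuleGroup name="RegistryAutoruns" groupRelation="or">
      <RegistryEvent onmatch="include">
        <TargetObject condition="contains">\CurrentVersion\Run</TargetObject>
      </RegistryEvent>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path $configPath -Value $config -Encoding ASCII

if (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue) {
    # Already installed: apply the new configuration in place.
    .\Sysmon64.exe -c $configPath
} else {
    # First install: accept the EULA and load the configuration.
    .\Sysmon64.exe -accepteula -i $configPath
}

# Confirm events are arriving: ID 1 = process creation, ID 3 = network connection.
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 5 |
    Select-Object TimeCreated, Id, Message | Format-List
```

The same script can be pushed through Group Policy or an existing software deployment tool, which keeps configuration updates inside the normal patch management process.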
Implement threat detection and response. Using Sysmon and a centralized log management tool will provide some visibility into an environment and help with alerting, but small IT and security teams need to know how to respond to those alerts. A threat detection and response solution like Blumira alerts IT and security teams on suspicious behavior that is indicative of a ransomware attack.
Blumira is a threat detection and response platform built specifically for smaller, resource-strapped IT and security teams. Blumira serves a variety of customers in the state, local government and education (SLED) sector, and our team is tuned in to the unique challenges that educational institutions face.
One of our customers, Lawrence Technological University (LTU), is a private university with a small IT team. They needed security insight into their environment to make their lives easier, as they focused on handling the day-to-day IT management of the university.
Blumira stands out to educational institutions like LTU for a few reasons:
Easy to use. Blumira is easy to use and deploy, enabling educational institutions to easily prove ROI and receive immediate value. Deployment takes a matter of days, not months.
Acts as an extension of your security team. Blumira not only alerts IT teams about malicious behavior, but also gives steps for remediation through in-depth security playbooks. Blumira includes access to security experts that will give guidance on next steps and act as trusted partners in a security program.