In recent times, educational centers have been a clear focus of cyber-attacks, being victims of more threats than sectors such as finance, healthcare and government. The report The State of Ransomware in the Education Sector 2023 reveals that this year 80% of schools suffered some kind of attack.
In fact, more than half of educational organizations have paid a ransom to recover stolen data. According to the Sophos report, 79% of the higher and primary education organizations surveyed were attacked by ransomware.
Typically, cybercriminals illegally access the organization’s network, encrypt the data on it, and demand a financial ransom to return all encrypted data and information.
In the ideal scenario, if the affected organization accepts the blackmail and makes the payment, the attackers will proceed to return the stolen information. In the worst-case scenario, the company may pay the ransom but not receive the data.
Considering the findings of the ransomware report and the constant emergence of new cyber threats and attack typologies, educational organizations should start defining their cybersecurity strategy to increase their level of digital maturity and effectively protect their IT systems and assets.
But how should they start, and what aspects should they take into account before defining their roadmap for a more secure school?
Who are the most common cyberattack suspects in schools?
The first step is to analyze the potential attackers and define what their interests might be. For example, a potential attacker could be the students of the school who penetrate the system to change their grades or those of a classmate, either for the better or for the worse. But there may also be other objectives at play, such as finding personal information about a tutor, changing the student lists for the next school year to shape the classrooms, among other motivations.
But the attackers are not always linked to the school. In fact, the attack may come from a person outside the center. In these cases, the purpose of the attack is usually economic (they simply seek to steal as much money as possible from the school), although the objective of stealing information about school employees or students is not ruled out.
Another possible attacker could be any school worker:
- A teacher dissatisfied with his or her working conditions, who seeks to expose the school’s management model.
- A teacher who wishes to harm a colleague by threatening to reveal sensitive information about him or her.
- A teacher who threatens to reveal sensitive information about the school unless the school changes certain conditions towards him or her or a student.
Once the possible attackers and their motivations have been analyzed, a critical phase arrives in order to prevent and stop the offensive. It is time to ask what possible actions or mechanisms cybercriminals could use to perpetrate the attack.
Impersonation is the most common way to perpetrate cyberattacks on schools
The most common and easiest way to carry out a cyberattack on a school or educational center is to impersonate someone who has access to all the school’s information. The cybercriminal installs malware in the systems and directly accesses the platforms where the data he wants to modify is located.
If the attackers are people who work or study at the school, the use of pen drives makes it possible for them to modify the information on the computers directly, thanks to their easy access to the terminals.
Analyzing the measures that could be implemented to counter this type of attack is crucial for any school or educational center. The best way to protect sensitive information and confidential data is to get help from specialized security partners who have an expert team in advanced threat detection, investigation and response (TDIR).
They can help the educational organization to correctly define a new cybersecurity strategy and activate some basic “firewall” measures.
Backup copies
It is crucial for the security of the school to make backup copies and store them outside the school’s network. It makes the most sense to have an up-to-date copy of all grades, student and staff information, class group lists, etc., outside the school’s computer system.
This way, if the school is ever attacked, IT or cybersecurity specialists will be able to review what information has been stolen and put everything back in order.
EDR systems
To prevent the theft of information or the installation of malware via USB sticks, it is essential to use an EDR system. This allows the school to continuously monitor and analyze the endpoint and the network to identify, detect and prevent advanced threats (APT) more easily.
By installing a specialized tool it is possible to make computers reject those USB sticks that do not seem safe to them, preventing the user from editing or stealing information from the computer.
Update antivirus & software
Although it may seem obvious or simple, another way to prevent cyber-attacks in the classroom is to activate antivirus software and keep it up to date.
In parallel, it is important to improve internal software to protect systems and computers from malware, external software that is installed on computers without the user’s consent and performs malicious actions, such as stealing passwords or money.
Activate VPNs
Activating VPNs (virtual private networks) on the center’s computers will help dodge hacker attacks. When you have your own network, attackers don’t know exactly where you are, because the real IP is encrypted, and they must pass double authentication when logging in.
This makes it more difficult for hackers to impersonate other people. It also allows the school to carry out optimal surveillance of all movements made by the school’s employees and students when they use the computers during school hours. At the same time, they can monitor and be alerted in case someone is trying to manipulate the school’s systems.
All the problems listed in this article can happen at any time of the year. However, “back to school” is the most dangerous time of the year for schools, colleges and educational institutions in terms of cybersecurity.
The scam of incorrect payment for school supplies
During this period, for example, there is an increase in cases of phishing, a cyber-attack that consists of extracting personal information and bank account data by deceiving users. An example of this type of attack can be seen in online purchases of school supplies.
Hackers take advantage of this opportunity to carry out scams by impersonating the company supplying the books, uniforms or supposed school supplies, with the excuse that the payment has not been made correctly. These cyber-attackers ask buyers to re-enter the card number and security code. If the buyer falls for the scam and enters the data, the cybercriminals will be able to access the buyer’s account whenever they want and withdraw as much money as they want until the affected person realizes it.
That is why, apart from implementing the security measures described in the previous paragraphs, it is advisable to have an external continuous monitoring team, also called a SOC (Security Operations Center), which will keep you safe from all the dangers linked to the education and teaching sector.