Dark Reading is part of the Informa Tech Division of Informa PLC

Chris Abbey

5 Key Steps Schools Can Take to Defend Against Cyber Threats

Educational institutions have become prime targets, but there are things they can do to stay safer.

The education sector has benefited significantly from digital transformation, enabling learning to take place anytime, anywhere. The advent of these remote learning capabilities, however, has also eroded the security perimeter and introduced a host of cyber-hygiene challenges. Schools are a prime target because they face budget cuts and insufficient cybersecurity awareness. So, how can we go about resolving this issue?

Understand the Rules and Their Limits
To build a comprehensive security program, it's essential that educational institutions understand the rules and regulations by which they must abide. Schools face regulations specific to their sector. For example, the Family Educational Rights and Privacy Act (FERPA) determines how student records are handled. The Children's Internet Protection Act (CIPA) requires K-12 schools and libraries that receive federal E-rate discounts to apply Internet filters that safeguard children from adult content and other potentially harmful material. There are also state-specific regulations, such as California's Student Online Personal Information Protection Act (SOPIPA).

Yet many of these regulations offer little guidance on how to balance compliance with security, leaving schools unsure how to prioritize and what to build. These rules exist to make schools aware of their responsibilities and of the consequences of neglecting them, and they should help prioritize the security controls put in place: disregarding them exposes a school to reputational damage, substantial fines, or a loss of funding from its governing bodies. Compliance, however, should not be the sole driver of a school's cybersecurity efforts.

According to Red Canary's annual "Threat Detection Report," the top three techniques adversaries used against education organizations in 2019 were process injection, Windows admin shares, and scheduled tasks. The shift to remote learning during COVID does not appear to have changed their prevalence; they still give adversaries a way to infiltrate, spread, and remain within an environment, with scheduled tasks in particular surviving reboots. The move to remote learning may well have made the initial attack vectors easier: phishing for administrative credentials, and targeting Internet-facing administrative protocols such as Remote Desktop Protocol (RDP), as attackers exploit the pressure and chaos of transitioning a school to remote learning.

These three techniques continue to succeed largely because they abuse legitimate features of the Windows operating system. Because they look like ordinary administrative activity, they're even more likely to go unnoticed in a remote environment. Detecting them requires a healthy dose of self-awareness: knowing what legitimate activity on your systems looks like and what does not. Maintaining a baseline of legitimate system activities and processes won't be easy, especially if you've made concessions to support remote teachers and staff, such as granting local administrative privileges, expanding the list of permitted software, and relaxing content controls. School technology staff should remain vigilant and strive to understand their adversaries' techniques; with that knowledge, schools can mitigate these threats through security controls and improved cyber hygiene, and re-evaluate their tools, technology, training, personnel, and processes to gauge whether they are adequately prepared.
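The baseline-versus-observed approach described above, as an added example that is not code from the article or from Red Canary: it compares the tell-tale Windows events for the three techniques (scheduled task creation, admin share access, remote thread creation) against a baseline of known-good activity and returns alerts tagged with the matching MITRE ATT&CK technique. The event records, host and account names, IP addresses and baseline contents are constructed for illustration.

```python
"""Baseline-and-deviation checks for scheduled tasks, admin shares and
process injection.

Added example, not from the article or Red Canary. Event IDs used:
  4698  Security log: a scheduled task was created        (T1053.005)
  5140  Security log: a network share object was accessed (T1021.002)
  8     Sysmon: CreateRemoteThread, a process-injection indicator (T1055)
Hostnames, accounts, addresses and baseline contents are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Event:
    event_id: int
    host: str
    user: str
    fields: Dict[str, str]


# Baseline of legitimate activity (assumption: curated by school IT staff).
BASELINE = {
    # accounts that legitimately create scheduled tasks (patch service, IT)
    "task_creators": {"SCHOOL\\svc-patch", "SCHOOL\\it-admin"},
    # hosts that legitimately open ADMIN$/C$ on endpoints (patch server, helpdesk)
    "admin_share_clients": {"10.10.0.5", "10.10.0.6"},
    # binaries that legitimately create threads in other processes
    "injectors": {"C:\\Windows\\System32\\csrss.exe",
                  "C:\\Program Files\\EDR\\agent.exe"},
}

# ShareName values as they appear in Event 5140 for the administrative shares.
ADMIN_SHARES = {"\\\\*\\ADMIN$", "\\\\*\\C$", "\\\\*\\IPC$"}


def check_event(ev: Event, baseline: dict = BASELINE) -> List[str]:
    """Return zero or more alert strings for one event."""
    alerts: List[str] = []
    if ev.event_id == 4698:
        # Any task created by an account outside the baseline is suspicious,
        # whatever it is called: attackers pick innocuous-looking names.
        if ev.user not in baseline["task_creators"]:
            task = ev.fields.get("TaskName", "?")
            alerts.append(f"T1053.005 scheduled task {task} created by {ev.user} on {ev.host}")
    elif ev.event_id == 5140:
        share = ev.fields.get("ShareName", "")
        src = ev.fields.get("IpAddress", "?")
        # Admin shares opened from anything but known management hosts are
        # the classic lateral-movement signal.
        if share in ADMIN_SHARES and src not in baseline["admin_share_clients"]:
            alerts.append(f"T1021.002 admin share {share} on {ev.host} opened from {src} as {ev.user}")
    elif ev.event_id == 8:
        source = ev.fields.get("SourceImage", "?")
        target = ev.fields.get("TargetImage", "?")
        if source not in baseline["injectors"]:
            alerts.append(f"T1055 remote thread created by {source} in {target} on {ev.host}")
    return alerts


def run(events: List[Event], baseline: dict = BASELINE) -> List[str]:
    return [alert for ev in events for alert in check_event(ev, baseline)]


# Constructed sample events: three benign, three that deviate from the baseline.
SAMPLE_EVENTS = [
    Event(4698, "LAB-PC-07", "SCHOOL\\it-admin", {"TaskName": "\\PatchDeploy"}),
    Event(4698, "LAB-PC-07", "SCHOOL\\jsmith", {"TaskName": "\\OneDriveUpdate"}),
    Event(5140, "LAB-PC-07", "SCHOOL\\svc-patch",
          {"ShareName": "\\\\*\\ADMIN$", "IpAddress": "10.10.0.5"}),
    Event(5140, "LAB-PC-07", "SCHOOL\\jsmith",
          {"ShareName": "\\\\*\\ADMIN$", "IpAddress": "10.10.3.42"}),
    Event(8, "LAB-PC-07", "NT AUTHORITY\\SYSTEM",
          {"SourceImage": "C:\\Windows\\System32\\csrss.exe",
           "TargetImage": "C:\\Windows\\System32\\conhost.exe"}),
    Event(8, "LAB-PC-07", "SCHOOL\\jsmith",
          {"SourceImage": "C:\\Users\\jsmith\\AppData\\Local\\Temp\\update.exe",
           "TargetImage": "C:\\Windows\\explorer.exe"}),
]

# A remote-learning concession (jsmith allowed to create tasks) folded into
# the baseline: one deviation disappears, and with it the alert.
RELAXED_BASELINE = {**BASELINE,
                    "task_creators": BASELINE["task_creators"] | {"SCHOOL\\jsmith"}}

if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS):
        print(line)
    print(len(run(SAMPLE_EVENTS, RELAXED_BASELINE)), "alerts with the relaxed baseline")
```

Two caveats before running anything like this against real logs: Event 5140 is only written when the "Audit File Share" subcategory is enabled on the endpoint, and Event 8 only exists if Sysmon is installed with a CreateRemoteThread rule. The relaxed baseline at the end is the point of the paragraph above: every concession you add to the baseline is a deviation you will no longer see.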

Build the Barricades: 5 Steps
Armed with intelligence about the regulations, threats, and shortcomings in their environment, schools can now work on building their defenses. Here are five key steps:

  1. Limit administrative access: Offering end users administrative privileges they don't need is tantamount to giving cybercriminals the keys to the kingdom. Schools should adhere to the principle of least privilege, restricting users' rights and permissions to their specific job duties.

  2. Administer security awareness training: Cybersecurity awareness training is key in helping end users identify cyber threats and manage them appropriately.

  3. Implement network segmentation: This breaks the network into chunks that can be managed more easily and limits an adversary's view of your network and assets. Each segment should be protected by a firewall, and traffic between segments should be restricted to what each division actually needs. By restricting the ports and protocols that each system serves, and allowing those services only from the endpoints and networks that require them, the spread of an attack can be curbed significantly.

  4. Implement vulnerability management: Schools should conduct frequent inventory checks, stay abreast of the latest patch releases, and, if possible, adopt an automatic patch deployment schedule.

  5. Ensure visibility: Ideally, schools should employ tools that give deep visibility into activity on their systems and can automatically contain threats as they appear.
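Steps 1, 3 and 4 can be written down as a policy and checked mechanically against an inventory. The following is an added example, not code from the article: it audits a constructed inventory of hosts (segment, local Administrators membership, last patch date) and a sample of observed network flows against an allow-list policy, and reports every deviation. Host names, segments, accounts, dates and policy values are assumptions chosen for illustration; a real run would read them from the school's asset management, directory and flow-logging tools.

```python
"""Policy audit for least privilege (step 1), segmentation (step 3) and
patch currency (step 4) over a constructed inventory.

Added example, not from the article. All names, dates and policy values
below are assumptions for illustration.
"""
from datetime import date
from typing import Dict, List, Set, Tuple

# Step 3 policy as an allow-list: (client segment, server segment) -> ports.
# Anything not listed is denied.
SEGMENT_POLICY: Dict[Tuple[str, str], Set[int]] = {
    ("staff", "servers"): {443, 445, 389, 636},    # web, file shares, LDAP
    ("students", "servers"): {443},                 # web-based learning only
    ("it-admin", "servers"): {443, 445, 3389, 5985},
    ("it-admin", "staff"): {3389, 5985},            # remote support
    ("it-admin", "students"): {3389, 5985},
}
# Administrative protocols: RDP, WinRM, SMB (admin shares), SSH. Only the IT
# segment may use them, even within a segment; PC-to-PC SMB inside the lab
# is exactly the path admin-share lateral movement relies on.
ADMIN_PORTS = {3389, 5985, 5986, 445, 22}
ADMIN_SEGMENT = "it-admin"

# Step 1: the only accounts allowed in a host's local Administrators group.
ALLOWED_LOCAL_ADMINS = {"SCHOOL\\it-admin", "SCHOOL\\svc-patch"}

# Step 4: oldest acceptable patch level, in days.
PATCH_SLA_DAYS = 30


def flow_allowed(src_segment: str, dst_segment: str, port: int) -> bool:
    """Decide one flow under the policy above (deny by default)."""
    if port in ADMIN_PORTS and src_segment != ADMIN_SEGMENT:
        return False
    if src_segment == dst_segment:
        return True
    return port in SEGMENT_POLICY.get((src_segment, dst_segment), set())


def check_local_admins(host: dict) -> List[str]:
    extra = set(host["local_admins"]) - ALLOWED_LOCAL_ADMINS
    return [f"step 1: {host['name']} grants local admin to {acct}" for acct in sorted(extra)]


def check_patch_age(host: dict, today: date) -> List[str]:
    age = (today - host["last_patched"]).days
    if age > PATCH_SLA_DAYS:
        return [f"step 4: {host['name']} last patched {age} days ago (SLA {PATCH_SLA_DAYS})"]
    return []


def audit(hosts: List[dict], flows: List[Tuple[str, str, int]], today: date) -> List[str]:
    """Flows are (source segment, destination host name, destination port)."""
    segment_of = {h["name"]: h["segment"] for h in hosts}
    findings: List[str] = []
    for host in hosts:
        findings += check_local_admins(host)
        findings += check_patch_age(host, today)
    for src, dst_host, port in flows:
        if not flow_allowed(src, segment_of[dst_host], port):
            findings.append(f"step 3: {src} -> {dst_host} tcp/{port} is not permitted by policy")
    return findings


# Constructed inventory and flow sample.
HOSTS = [
    {"name": "LAB-PC-07", "segment": "students",
     "local_admins": {"SCHOOL\\it-admin", "SCHOOL\\jsmith"},
     "last_patched": date(2021, 3, 1)},
    {"name": "STAFF-LT-12", "segment": "staff",
     "local_admins": {"SCHOOL\\it-admin", "SCHOOL\\mjones"},
     "last_patched": date(2021, 6, 1)},
    {"name": "FILE-SRV-01", "segment": "servers",
     "local_admins": {"SCHOOL\\it-admin", "SCHOOL\\svc-patch"},
     "last_patched": date(2021, 5, 20)},
]
FLOWS = [
    ("students", "FILE-SRV-01", 443),   # allowed: web learning platform
    ("students", "FILE-SRV-01", 445),   # denied: no student SMB to servers
    ("students", "LAB-PC-07", 445),     # denied: admin-share traffic between lab PCs
    ("staff", "FILE-SRV-01", 3389),     # denied: RDP is IT-only
    ("it-admin", "LAB-PC-07", 3389),    # allowed: remote support
]
TODAY = date(2021, 6, 14)

if __name__ == "__main__":
    for finding in audit(HOSTS, FLOWS, TODAY):
        print(finding)
```

The policy is deliberately an allow-list: a flow or an account that nobody wrote down is a finding, which is the same posture the firewall rules for step 3 should take. Step 2 (awareness training) and step 5 (visibility) do not reduce to a table like this, but the findings the audit produces are a good list of what the tools in step 5 should be watching.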

In the end, we need to applaud the teachers and academic staff working hard to support students in these extraordinary times. That effort should not go to waste for lack of cybersecurity readiness. Fortunately, the foundations of good cyber hygiene are neither ground-breaking nor unattainable. Academic organizations that can check these boxes stand in good stead against future threats.

Chris Abbey is an experienced cybersecurity leader and analyst with a penchant for following his heart in volunteering and mentoring. His diverse background includes work in the federal, public, and financial services sectors, where he has honed skills in threat and ...
