In the education industry, where physical safety threats to students and educators have long been a concern, a new menace is on the rise - cybersecurity attacks.
According to CNBC, the education community, encompassing students, teachers, parents, staff, and their connections, is grappling not only with physical safety but also with the escalating threat of cyberattacks.
US Schools Face Rising Cyberattack Threats
Charlie Reisinger, the Chief Information Officer of Penn Manor School District and a professor at the Millersville University of Pennsylvania, told CNBC about the rising cyberattack threats the schools face.
"Our school's digital doors are rattled, pinged, probed, and prodded thousands of times each day by well-resourced adversaries from all over the globe," Reisinger said.
The year 2022 has witnessed a disturbing surge in cybersecurity attacks in US schools, with 1,981 schools across 45 districts falling victim, nearly doubling the incidents of the previous year, as per a report by Emsisoft based on publicly available data.
Josh Heller, Supervisor of Information Security Engineering at Digi International, emphasized the inadequate funding for schools to combat cyber warfare, saying, "Schools are definitely not funded enough to support cyber warfare."
The ramifications of cyber attacks on educational institutions extend beyond mere financial losses and operational downtime.
Those targeting schools can potentially breach a treasure trove of sensitive data, encompassing identifying information, evaluations, assignments, grades, health records, attendance history, discipline records, special education data, and more.
As noted by Reisinger, the repercussions transcend financial consequences, delving into the socio-emotional strain on students.
The Intricate Nature of Educational Environments
The intricate nature of contemporary educational environments, marked by many individuals and devices, presents numerous opportunities for human error.
Warren Young, Vice President of Education at Absolute Software, underscores the difficulties in securing devices that are frequently lost, taken, or tampered with essential security features.
Primary concerns revolve around phishing attacks and exploiting known vulnerabilities for ransom-related objectives. The fallout from ransomware attacks encompasses not only the tangible costs of lost productivity, recovery endeavors, and ransom payments but, more significantly, the adverse impact on students' educational experiences, Young noted.
Addressing the Cyber Talent Gap
Reisinger proposed addressing the cyber talent gap through cyber partnerships between public schools and local universities, fostering talent pipelines through internships, knowledge exchanges, and practical initiatives.
Young emphasized the importance of auditing device data and ensuring encryption to safeguard information. He raised the question of promptly removing data from a compromised device to prevent unauthorized access.
Furthermore, Heller advocates responsible vendor disclosure via the US Cyber & Infrastructure Security Agency, utilizing government funding to enhance cybersecurity. While the NIST National Vulnerability database aids information teams, Heller suggested discreet access to prevent misuse by malicious actors.