Education needs to go back to school for cybersecurity

Education needs to go back to school for cybersecurity

The education sector has not been immune to the digital revolution transforming businesses and organizations across the world. The year before the pandemic saw sky-high growth and adoption in education technology, with global edtech investments reaching €15.87 billion in 2019.

Many education institutions have their own bring your own device (BYOD) policies, while downloads of educational apps have risen by 130 percent over the past year.

Everything from laptops and mobile devices to interactive touchscreens and even virtual reality are becoming commonplace in schools districts, colleges, and universities.

The sudden transition from physical classrooms to distance learning during the Covid-19 pandemic accelerated this trend, while also shining a light on the growing reliance of students, faculty, and staff on technology. 

Digital technologies have helped empower students and teachers with access to advanced learning programs, material, and resources, and have been instrumental in the continuation of education despite widespread school closures due to Covid-19.

Even as students began to return to in-person learning, educators’ increasing dependency on digital resources has required staff to maintain strict control and oversight of an ever-expanding IT estate.

The growing number and importance of IT devices represents a significant challenge for educational institutions. It’s the reason why efficient IT asset management (ITAM) strategies are no longer a nice-to-have–they’re imperative.

As schools continue to adopt digital technologies to augment their educational programs, they’ve become increasingly vulnerable to cyber risks and threats.

Check Point Research shows a rise in cyber attacks on educational facilities across the globe. In Europe, the number of weekly attacks per educational organization increased by 25 percent from July-August 2020 compared to previous months, while in the U.S. the number rose by 30 percent in the same time period.

A Florida school district suffered a ransomware attack in April 2020 that saw fraudsters demand $40 million in ransom, threatening to erase data and post personal information of students and faculty online if they did not receive it. 

While this is an extreme example, attacks are not uncommon anymore.

A report by the FBI and several federal security agencies found that 57 percent of all reported ransomware attacks in August and September of the 2020-2021 school year targeted schools, due in large part to the shift to distance learning and the distribution of district-issued devices to people’s homes.

In addition to ransomware, DDoS attacks, disruption, and harassment on videoconferencing sessions, doxing and malware attacks are plaguing schools, putting the sensitive data they maintain at risk, and impacting resource performance and availability. 

The pandemic has intensified the need to track and maintain an expanding array of IT devices. When distance learning became mandatory, district-issued devices rapidly made their way into the homes of faculty and students, often without the necessary protections in place.

Not only are there many more devices to track, those devices are connecting to the network via unsecured home networks, which may also be tethered to various IoT devices and other connected personal computers and devices that serve as gateways for cybercrime.

Not only are education IT departments often in the dark about outdated operating systems that open up vulnerabilities on servers and end-user devices, they’re also struggling to keep tabs of software licensing and users. 

According to License Dashboard, 22 percent of higher education institutions operate with no official software asset management strategy in place, while 42 percent of IT decision makers at educational institutions say software asset management helped avoid unexpected costs associated with purchasing further licenses or paying noncompliance fines.

Without this insight, educational institutions are missing out on opportunities to optimize software and hardware contracts and agreements, or take advantage of potential discounts. 

An incomplete, inaccurate inventory of the IT estate may also result in hardware assets sitting idle or at half capacity, leading to unnecessary energy costs. Knowing how many devices have been distributed, who is using them and how many are still available for distribution is critical information to have on-hand, as districts continue to supply students with computers to support distance learning.

But manually tracking systems is slow, unreliable, prone to human error and leads to higher operational overheads. Without accurate, up-to-date data, decision-making is inefficient, which makes it difficult to meet the evolving needs of students, faculty, and staff and impact the quality of education.

IT and system administrators at educational institutions must do away with traditional manual, siloed approaches to managing the IT estate, instead taking steps to create a single system of record that contains all the data necessary to manage the growing list of software and hardware assets.

Automation is helping education organizations scan entire networks in seconds and provide full visibility into their growing and ever-changing IT environments. It also eliminates inaccurate paper-based asset tracking and reduces the high operational overhead of maintaining a diverse IT infrastructure.

With access to a complete, up-to-date asset inventory, IT teams can more easily assess security threats and vulnerabilities, take steps to mitigate risk and provide cost optimizations to reinvest budgets elsewhere to optimize teaching and class engagement.