Cybersecurity in Education: Threats Impacting K-12 and Higher Education
As schools, colleges, and universities become more connected, it opens up a world of possibilities for students. The IT market suggests today we have around 15 billion devices utilizing an IP address, and that number is expected to grow to approximately 500 billion devices by 2030. Everything from the drinking fountains on the playground to the light bulbs illuminating classrooms will utilize an IP address for administration and monitoring purposes. While this brings numerous benefits to faculty, staff, and students, the increased number of devices utilizing an IP address means there are more entry points a hacker can target – and therefore more areas that need security focus.
In order to protect all of these areas, you have to understand how cyber attacks function from the beginning to the end. Vulnerabilities can be everywhere in your network and managing every possible risk of being exploited is an unfair battle. All it takes is missing an update, an error in configuration, a mistake by a user, or something completely outside your control such as a vulnerable piece of code in a product you purchased to get compromised. Typically, cyber attacks are developed around these vulnerabilities. Attackers exploit them to deliver something unwanted to your system. An example of this is how many exploit kits are used to deliver ransomware.
Ransomware is when a hacker encrypts your information so that you can’t access it without a digital key, which they require payment to provide. They literally hold your information ransom for a cost. And it can be high – once, a hacker demanded $124,000 from four elementary schools after an attack on their online exam system.
Exploit kits are a way hackers can deliver ransomware to victims. Exploit kit attacks typically involved getting victims to access a website that scans for a vulnerability in their system and exploits that vulnerability to drop ransomware onto the system. The most popular variation of exploit kit is known as Angler, which Cisco’s research group Talos estimated is raking in approximately $34 million dollars a year. And this is just one of the many exploit kits found in the world, so you can see how big ransomware has become.
Another popular type of cyber attack is known as phishing. Phishing is when the malicious party poses as a trusted organization and sends you an electronic communication to try and get information – such as bank account information or your social security number. Phishing emails often include claims that you have won a bunch of money or offer free stuff. Phishing has also become a popular method to lure a victim to an exploit kit. Now, you don’t need to enter your information – just by clicking on the link in a phishing email can lead you to a malicious website hosted by an exploit kit. You can see one example of a phishing attempt below, where the attacker claims my account will be terminated until I click the link.
The good news is there are best practices to reduce the risk of these and other cyber threats. Cisco has numerous resources for education institutions to learn how to properly enforce security based on industry best practices. You can download our cybersecurity for education pocket guide to get started. And for more in-depth information, be sure to register for our upcoming webinar on cybersecurity in K-12 education and higher education.