Cyber Incidents in Education Escalate into Frustration

July 23, 2019

Education Cybersecurity Weekly is a curated weekly news overview for those who are concerned about the Education industry and Education data breach. It provides brief summaries and links to articles and news across a spectrum of EdTech. Learn about cyber incidents in education.

Although the FBI encourages users and organizations not to fall for the provocations, sometimes paying the ransom is less expensive than hiring an expert and fixing a system. According to Education Industry Cyber Incidents Report 2018, an average number of stolen data per year reaches 3 million records in education sector.

62 breached institutions and thousands of fake student profiles: education cybercrime is ongoing

Education Dive on July 19, 2019

Last week, the US Department of Education announced that 62 colleges were breached. It is supposed that a security flaw in the Ellucian Banner software, used by victimized institutions, allowed attackers to take control over the users’ sessions and, as a result, gain access to students’ sensitive information. Furthermore, hackers created thousands of fake student accounts: some of them, referring to the Ed Department, were almost immediately used for fraudulent actions.

Concerning the cyber incidents in education, Educause expert Brian Kelly has emphasized the importance of “broad-based institutional participation” in protecting of educational data.

Because cybersecurity threats can target multiple points of entry in an institution, it is important for all campus members to know basic information security protections to safeguard data and prevent those data from being mishandled.

Brian Kelly, director of the cybersecurity program at Educause

Although the landscape of education insecurity is diverse, cybersecurity threats deserve special attention. According to Education Industry Cyber Incidents Report 2018, an average number of stolen data per year reaches 3 million records in education sector. The following news approves an upward tendency in attacks.

To pay or not to pay? That is a ransom

Syracuse.com on July 16, 2019

To avoid this dilemma, educational organizations should first ask: to click or not to click? Otherwise, there is a risk of getting into the same situation as the Syracuse City School District recently faced: the district computer system was disabled due to a ransomware attack.

Typically, ransomware attacks start when an employee opens a bogus email that unleashes a virus, quickly spreading and locking users out of the computer system. After that criminals send victim a message, requiring a ransom to unlock the access to the network.

Although the FBI encourages users and organizations not to fall for the provocations, sometimes paying the ransom is less expensive than hiring an expert and fixing a system. For instance, last year the Leominster school district in Massachusetts paid a $10,000 Bitcoin ransom to hackers to unlock its computer system.

The essential step to protect educational organization against ransomware attack is to regularly back up the critical data and raise cybersecurity awareness of students, faculty and staff.

Phishing in K–12 sector: be ready to detect the bait

EdTech Magazine on July 17, 2019

According to the Consortium for School Networking report, “phishing is by far a security threat that most concerns school districts.” Thus, it is unsurprising that K-12 organizations are doing everything to mitigate the risks of phishing attacks. In terms of limited IT resources and budget, the only question is how to avoid taking the bait?

  1. Construct layers of prevention and protection for users. In fact, patching, anti-virus, anti-malware, and firewalls are only the first layer of protection. Implementing multifactor authentication would empower cybersecurity measures.
  2. Teach educators and students to be click-savvy. A cost-effective way to estimate the current state of knowledge and raise awareness is simulating phishing attacks.
  3. Remember that more advanced scams call for greater defenses – planning cybersecurity policy, pay attention to the next-generation tools like AI and ML.

Contact us

NO SPAM.
WE RESPECT YOUR PRIVACY.
*Average response time is 6 hours
More on:
Audit (24) Defense (71) Education organization (67) Fraud (15) Higher Ed (56) K-12 (50) Phishing (22) Ransomware (16) Threats (72)