Hacking Educational Organizations – Are You Game?
Education Cybersecurity Weekly is a curated weekly news overview for those who are concerned about the Education industry and Education data breach. It provides brief summaries and links to articles and news across a spectrum of EdTech and current risks of hacking educational organizations.Not so good times for Georgia Institute of Technology – only two weeks have passed since we covered New Jersey high school students’ hacking attempt, when a new data breach stirs cybersecurity world to evaluate the education insecurity. What can you do in two hours? Write a report, make soup, do some yoga, or at least watch a film… Whatever you answer, we suppose, you have not thought about hacking educational organizations in 2 hours.
Misfortune of Georgia Tech Institute – data breach exposed 1.3 million records
Latest Hacking News on April 8, 2019
Not so good times for Georgia Institute of Technology – only two weeks have passed since we covered New Jersey high school students’ hacking attempt, when a new data breach stirs cybersecurity world to evaluate the education insecurity.
In late March the Georgia Institute of Technology experienced a security breach, so that 1.3 million records of current and former faculty, students, staff, and student applicants were leaked. Georgia Tech officials have not determined the kind of exposed information but they suspect that compromised data included the names, addresses, dates of birth, and Social Security numbers. Although the institute has reported the matter to the U.S. Department of Education, data breach investigation is still ongoing.
By the way, it is Georgia Tech’s second data breach in the last two years. While this incident demonstrates the web application vulnerability, building strong cybersecurity policy involves raising users’ cybersecurity awareness.
Hacking time! A couple of hours is enough to access a university network
BBC News on April 4, 2019
What can you do in two hours? Write a report, make soup, do some yoga, or at least watch a film… Whatever you answer, we suppose, you have not thought about hacking educational organizations in 2 hours. However, that is how much time attackers need to obtain “high-value data”.
The Joint Information Systems Committee and the Higher Education Policy Institute organized a noteworthy experiment. The test was carried out on 50 universities in the UK by Jisk ethical hackers, who were asked to simulate cyberattacks and get access to valuable data. Only two hours, and in some cases one hour, were enough to reach student and staff personal information, override financial systems and access research databases.
We are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills, and investment. Cyber-attacks are becoming more sophisticated and prevalent and universities can’t afford to stand still in the face of this constantly evolving threat.
John Chapman, Head of Jisc Security Operations Center
Keeping universities data secure – three solutions for IT pros
EdTech Magazine on April 5, 2019
If two previous news made you slightly frustrated, this one will change the situation. Although hacking educational organizations never ends and education sector is one of the most desirable target for cybercriminals, university IT teams can take three following steps to mitigate the risks:
- Assess network security early and often. According to RiskRecon, the rate of internet-facing software vulnerabilities at universities is 10.6 times greater than in the financial sector.
- Patch university networks automatically. It is especially actual for IT teams of small institutions, where automatic patching software can become a valuable asset. Furthermore, nearly 60% of breaches happened because of unpatched vulnerabilities.
- Adopt network practices that prevent lateral movement. In terms of that, network may become a solution to restrict hackers’ malicious activity.
“Cybersecurity and data privacy is not a technology issue. It’s a human issue”
EdScoop on April 3, 2019
Nowadays the EdTech industry offers teachers a range of applications and solutions that can make educational process more interactive, effective, and convenient, providing a personal approach to each student’s learning needs. However, before integrating a new application into the educational process, it is vital for teachers to comply with student data privacy principles.
Commenting on current EdTech trends, Marlo Gaddis, CTO of the North Carolina Wake County Public School System, emphasized the increasing role of IT leaders in boosting teachers’ cybersecurity awareness and minimizing hacking educational organizations.
In Wake County, district officials are working together to establish a better understanding of the “compelling why” — why teachers and administrators need to be hyperaware of student data privacy as they vet educational resources.
Marlo Gaddis, CTO for the Wake County Public School System in North Carolina
Bobby the Fish
Bobby Unchained is here!
Fish morning, everyone.
Yesterday my man Anthony phoned his friend and joked, “Wanna know why fish don’t like computer? They are scared of the net!”
Ha-ha! Definitely bout me. My ancestors, who lived in the Indian Ocean, had the talent to swim out of all nets. That is why they were called “Unchained”.
Indeed, if you are not as small and nimble as my fish ancestors, you should surf the net carefully. Anthony says there are a lot of threats there and viruses are not the only ones. I’m used to trusting him.