Risks of HigherEd Cyber Attacks are High

Education Cybersecurity Weekly is a curated weekly news overview for those who are concerned about Education industry. It provides brief summaries and links to articles and news across a spectrum of cybersecurity and technology topics that are specific to the industry.

FBI provides awareness of edtech cybersecurity risks

EdSurge on September 14, 2018

An announcement released by FBI warns educators and parents that edtech can pose cybersecurity risks to students. The point is that collection of personal data by edtech vendors (e.g., geolocation, IP addresses, browsing history, etc.) provides a wide window of opportunities for cybercriminals enabling them to conduct social engineering, bullying, tracking, identity theft, and threatening.

The history of education cyber attacks has seen a lot of hackers target insecure districts and subsequent cases of sabotage and public access to students’ data.

Among the FBI’s recommendations to families, there is researching the existing student and child privacy protections of the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Online Privacy Protection Act (COPPA), and state laws as they apply to edtech services.

Cloud security for IT teams

EdTech Focus on HigherEd on September 14, 2018

Since more universities move into the cloud for storage, IT teams need help dealing with cloud security management. A CDW white paper lists major threat categories and can aid in educating staff and implementing new cloud security measures. These are some of the categories:

• Data Breaches – files are improperly accessed.
• Data Loss – data that has not been properly duplicated and secured to protect its availability is lost.
• Account or Service Traffic Hijacking – a user account is accessed unauthorizedly.
• Insecure Interfaces – both service usage and management are compromised.
• Denial of Service – legitimate users cannot access the resources.
• Malicious Insiders – users and admins intentionally violate organizational policy for personal reasons.

Students blamed for university DDoS attacks

ZDNet on September 14, 2018

Who is to blame for cyber attacks on universities? In general, nation-states and criminal gangs get the blame, but a new study shows that students (or even staff) could be culprits. The analysis reveals that these incidents usually take place during the working day and drop dramatically on holidays.

This pattern could indicate that attackers are students or staff, or others familiar with the academic cycle. Or perhaps the bad guys simply take holidays at the same time as the education sector.

John Chapman, head of security operations at Jisc.

In one of the cases, a hacker was launching an attack to disadvantage a rival in online games, and a DDoS attack (Distributed Denial of Service, which can disable an organization’s website or server) on a university network four nights in a row. Unfortunately, educational institutions tend to take cyber attacks lightly and ignore cyber threats.

Northern Ireland universities cyber attacks on the rise

BBC News on September 15, 2018

According to a report, there were more than 850 attacks in the UK in 2017-2018, aimed at almost 190 higher education organizations. This was up from fewer than 600 attacks on about 140 institutions in the previous year. In Northern Ireland, educational institutions suffered 16 serious cyber attacks in 2017-2018. Thus, the risks of HigherEd cyber attacks are still high.

So, cyber attacks on Northern Ireland universities are on the rise and if not tackled quickly, they can be even more disastrous.