The U.S. education sector is in the midst of a cyber crisis. The shift to cloud-based virtual learning during COVID-19 created the perfect storm for threat actors to capitalize on: education IT departments, already weathering a shortage of physical resources, funding, and staffing, unexpectedly faced an even greater challenge. Without the human resources and advanced solutions to secure vulnerabilities in their networks, K-12 school districts and higher-ed institutions became easy targets.
After 1,740 K-12 schools, colleges, and universities were hit by ransomware in 2020 – a record high – the frequency of attacks has shot up even more over the past year. Microsoft Security Intelligence found that from Aug. 14 to Sept. 12, 2021, educational organizations were targets of more than 5.8 million malware attacks globally – representing 63 percent of all such attacks. It’s abundantly clear that a change in approach is needed. Adopting new measures that better position the education sector to defend itself must be a top priority across the U.S. cybersecurity community.
The Case for Collective Defense
The current cyber-defense model for schools represents a fundamental flaw within America’s national cybersecurity strategy. If multibillion-dollar corporations and major critical-infrastructure suppliers can’t defend themselves from Russian and Chinese threat actors, how can we expect a small, rural school district in Kentucky to combat nation-state attacks? And if large, well-resourced universities like Stanford and Michigan State are unable to prevent digital extortionists from infiltrating their networks, how can we expect a local public school system to prevent ransomware?
The real way to improve security across the education sector is through a Collective Defense model: requiring schools, like private-sector companies, to proactively defend with their peers up and down the vertical education chain. The Collective Defense framework was a fundamental component of the K-12 Cybersecurity Act, passed by the Senate in May 2021.
Collective Defense integrates a collaborative approach to cyber defense, essentially creating a “community of defenders” to combat threat actors. In this case, the community would comprise individual schools, school districts, state education systems, and higher-ed institutions, as well as state and federal government agencies, all of whom share threat intelligence generated by AI network detection and response (NDR) solutions that leverage behavioral analytics for real-time visibility into the threat landscape.
After a potential threat is detected, each member of the community would work together – K-12 schools with other schools, districts with other districts, universities with other universities, and state education systems with other state/federal government entities – to coordinate proactive response efforts. This unified line of defense enhances community members’ ability to address vulnerabilities, respond to attacks, and mitigate damage to strengthen the cybersecurity posture of the entire sector.
Promoting Hyper-Vigilance Within School Systems
For IT leaders in the education sector, fostering a culture of hyper-vigilance among students and staff members is another critical part of the equation. That means operating with the assumption that an attack will happen as opposed to could happen. In turn, schools should continue to integrate the use of Zero Trust best practices for a hybrid in-person/virtual learning environment, which would include:
• High VPN usage, multifactor authentication, firewalls, and anti-malware to combat phishing
• Abiding by the Principle of Least Privilege for network access
• Incident-response protocols for students and staff to follow
• Enhanced data-security measures to protect confidential student records, which are high-value targets for ransomware actors.
Cyber engagement at the individual, leadership, and peer-network levels is also essential. The effectiveness of a defense playbook is dependent on student and staff engagement, such as simplified training programs that enable them to meet security-compliance standards as hyper-vigilant citizens who don’t fall victim to cyber fatigue. In addition, cyber engagement requires seamless communication and transparency at the school district and university leadership levels to ensure each piece of the puzzle is connected. Regardless of the nature or extent of an attack, each member of the Collective Defense community has an inherent responsibility to report it.
There’s never been a more important time for the education sector to shift toward a Collective Defense approach coupled with hyper-vigilance and cyber engagement. It’s time to prioritize safeguarding America’s schools from cyberattacks.
George Lamont is the chief information officer of IronNet. This piece was originally published at RealClearEducation.