The ABCs of Cybersecurity in Education

Schools have traditionally been seen as safe havens for students; a place where they can learn and grow in a protected environment. However, with the advent of the digital age, students and staff alike at K-12 schools and universities face growing threats to their sensitive data. Schools deal with a wealth of sensitive data, such as student records (including birth dates, addresses and contact information), medical information, financial data, and employment records for teachers and administrative staff. Hackers and cybercriminals are increasingly targeting educational institutions to hold this sensitive data ransom for financial gain or steal it and sell it on the Dark Web. More than ever, educational institutions must have robust cybersecurity programs in place to protect the school, students, and staff.

A” is for adversaries – The growth in ransomware threats

Like many other industries, one of the most significant threats facing the education sector today is the growth of ransomware. According to the 2022 Data Breach Investigation Report conducted by Verizon, which analyzed more than 5,200 confirmed data breaches, ransomware attacks grew 13 percent – an increase greater than the previous 5 years combined. In the education sector specifically, more than 30% of the investigated data breaches were the result of a ransomware attack.

Ransomware attacks on schools can be particularly devastating because schools often have limited budgets and personnel dedicated to cybersecurity and may not have the resources to recover from an attack quickly. In Bitdefender’s 2022 Cybersecurity Posture Survey of nearly 1700 organizations, we found that among respondents in the education vertical, only 19% have dedicated cybersecurity personnel. The majority (81%) said that cybersecurity was just one of many duties that fall to the (often already overworked) IT team.

“B” is for blunders – The human factor in cybersecurity

Another threat to cybersecurity in schools is the “human factor.” Well-intentioned employees and users are largely recognized as the weakest link in any cybersecurity program, and schools are no exception. Cybercriminals use social engineering techniques to trick users into divulging sensitive information such as login credentials or personal information. Phishing attacks, which are fraudulent emails that appear to come from a trusted source, are a common social engineering tactic used to target students and staff. In the 2022 Cybersecurity Breaches Survey conducted as part of the United Kingdom’s National Cyber Strategy, phishing accounted for the single most common type of attack, with 88% of primary schools and 97% of higher education colleges reporting that they experienced phishing attacks in the previous 12 months.

In addition to humans’ propensity to fall for social engineering tactics, there is also the fact that we simply make mistakes. In the Verizon Data Breach Investigations Report cited previously, 34% of the breaches analyzed in the education sector were from an email sent to the wrong person, or with the wrong attachment. Misconfigurations in a school’s endpoints (including computers and mobile devices), clouds or IT systems can also create vulnerabilities that attackers look to exploit and use as an entry point into the network.

“C” is for cybersecurity – Delivering threat prevention, detection and response

Effective threat prevention, detection and response form the foundation of any solid cybersecurity program and can help protect schools from growing cyber threats. Prevention includes measures taken to reduce the attack surface, such as addressing misconfigurations and vulnerabilities, securing email and endpoint devices, and managing risk, including human behavior. Protection involves leveraging cybersecurity solutions and services that help schools detect, quickly respond to, and recover from attacks.

Bitdefender GravityZone Business Security enables K-12 schools and higher education institutions to “Level Up” their approach to cybersecurity through improved prevention techniques and multiple layers of proactive protection. First, Bitdefender security helps organizations reduce risk by eliminating misconfigurations and vulnerabilities and keeping operating systems and applications up to date through the GravityZone Patch Management add-on. It also helps defend against ransomware attacks and provides proactive data protection by monitoring network shares, preventing files from being encrypted, and creating automatic backups. Real-time monitoring identifies suspicious behavior, blocks malware and malicious processes from running, and facilitates fast and accurate incident response that reduces attacker dwell time and enables rapid recovery from infection. GravityZone Business Security also helps mitigate human-triggered breaches through Human Risk Analytics technology and by protecting against phishing emails and Business Email Compromise (BEC) attacks using the Security for Email add-on.

Schools that struggle with limited cybersecurity budgets and staff can benefit from Bitdefender Managed Detection and Response (MDR) Foundations, which provides 24x7 monitoring and response. Bitdefender’s expert team of highly trained threat hunters and security analysts help customers harden their environments to prevent breaches and then continuously monitor for and eliminate threats such as ransomware, zero-days, and phishing attempts across endpoints, networks and cloud environments. Onboarding is so easy that most schools can be up and running within a day.

Bitdefender GravityZone in action

Goulburn Valley Grammar School in Australia had great success using Bitdefender GravityZone endpoint detection and response (EDR) for several years, but with ransomware attacks on the rise, the school became increasingly concerned with the gap in coverage when staff was not on campus. Goulburn Valley Grammar School turned to Bitdefender MDR for around-the-clock cybersecurity monitoring and remediation. The school soon experienced the value of the service with Bitdefender MDR prevented an especially insidious malware attempt that occurred when a student unknowingly downloaded malicious software onto their school-issued computer outside of normal hours. Moreover, with Bitdefender MDR, the IT team at Goulburn Valley Grammar School has reduced the time spent on cybersecurity management by 50 percent.

In another example, Italy’s Università degli Studi di Urbino Carlo Bo (University of Urbino) has an advanced IT infrastructure with modern-day requirements similar to a large enterprise but was increasingly frustrated with the performance of its previous antivirus solutions and the threat of ransomware. The IT department determined that a solution with a lighter footprint would serve their needs better. Cloud deployment would keep users secure while freeing staff from server maintenance. The university turned to Bitdefender GravityZone to defend its more than 2,000 desktops, laptops, tablets and smartphones. The GravityZone solution immediately started resolving the persistent malware infections. Security-related trouble calls to the IT department dropped by 35% within four weeks of installing Bitdefender GravityZone and the university experienced a 25% reduction in security breaches.

Learn more

Cybersecurity threats such as ransomware, phishing and data breaches are a growing concern for K-12 schools as well as colleges and universities. Prevention, detection and response are the foundation of a strong cybersecurity program that can protect schools, students and staff. With the Bitdefender GravityZone platform or services such as Bitdefender Managed Detection and Response, schools can take a proactive approach to strong cybersecurity and ensure a safe and secure environment for students.