Students of today are living through unprecedented times, amid a global pandemic, that over the last year changed how we lived, worked and learned. Globally, over 1.2 billion students were out of the classroom, leading to the rise of distance education and e-learning over virtual platforms.
While school-led remote learning is not a new concept, COVID-19 drove a major shift in the delivery of education and uptake of technology for schools and universities around Australia. In many instances, continuing education to students or training and collaboration among educators was only possible due to fast decision-making and accelerated adoption of hybrid cloud environments. Cloud-based technology and collaboration tools, such as Microsoft Office 365 applications, played a big part in ensuring our work and life could keep going.
With many organisations increasing their cloud software usage, Microsoft dominates the productivity space with 115 million daily active users and is also the leading platform for the education sector worldwide. Australian educators have embraced its collaboration and productivity benefits too, particularly in the past 12 months, using tools like ‘Teams for Education’ as a hub to engage students in remote learning. However, while technology investments like this are great for schools, they are not without risk.
Increased Cloud Coverage Increases Risk
The reality is that for many education providers cloud and digital transformation also presents significant transitional gaps and opportunities for cyber adversaries to hone their skills and benefit from the speed and scale of cloud adoption. Even prior to the disruptions brought on by the pandemic, the education sector’s cyber threat profile was in the spotlight, with intelligence agencies warning that education is perceived as a prime target for sophisticated hacks.
A spate of recent ransomware attacks targeting schools in the UK prompted the country’s National Cyber Security Centre to issue a warning last month for increased vigilance in the education sector. Closer to home, New Zealand school networks blocked over 2,000 online threats per minute after returning from lockdown last year, according to a report released by NZ Government-funded Network 4 Learning.
Australian schools are no less vulnerable to these types of threats. Last year, in New South Wales, school online accounts were targeted via a phishing email which exploited Microsoft SharePoint, a commonly used collaboration platform within schools, to try and gather user login and password information and earlier this year, a cyber-attack on the IT systems of Melbourne’s RMIT University disrupted the start of the new semester.
Email Account Takeovers on the Rise
User account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organisation’s network. Cybercriminals rarely act alone – from sharing infrastructure to being part of entire syndicates dedicated to sabotage, forcing organisations to constantly review and renew their security policies.
A new global study by Vectra AI has revealed that 71% of Microsoft Office 365 deployments suffered an average seven malicious account takeovers in the last 12 months to February 2021. The fact that three in four organisations have experienced malicious account takeover attacks highlights the need to track and secure identities as they move from on-prem to the cloud. The confidence displayed by security decision-makers in their ability to prevent account takeover attacks is a stark contrast to the rising number of attacks and long dwell times.
Across all sectors we are seeing a proliferation of data-driven applications and advancement of technologies such as artificial intelligence (AI) and Internet of Things (IoT) however cybercriminals are also using more advanced tools and sophisticated methods to attack organisations and breach privacy.
Bridging the Knowledge Gap
Most schools have lean IT teams and lack the cybersecurity expertise required to pre-empt and mitigate sophisticated threats, placing enormous strain on what is potentially an already limited resource. When hosting a number of users – from academics to students and visiting staff – varying levels of cybersecurity knowledge can also pose a threat to school networks and data.
Vectra’s research revealed that 96% of respondents in Australia and New Zealand believe their organisation’s cybersecurity risk had increased in 12 months to February 2021. As a result of increased Microsoft Office 365 usage during COVID-19, their main security concern is the risk of data being compromised and the ability for hackers to hide their tracks by using legitimate Microsoft tools, such as Power Automate and e-Discovery.
To protect schools and campuses from internal and external threats, outlined below are best practice tips:
- Apply a mix of subject matter experts and technology
It’s not enough to just invest in the tools but it matters to build knowledge and establish stringent governance frameworks. That’s where external experts with true cybersecurity expertise drive value, helping organisations not only to draw upon expertise and intelligent, AI-driven detection tools but to also gain deep visibility into security and compliance gaps.
- Understand your threat landscape
It is imperative that organisation truly understand their new enterprise network. We have seen perimeters of the network vanish during 2020 as organisations have shifted to the cloud; the modern enterprise network is now Datacentre, IaaS, SaaS and PaaS. It is vital that the enterprise has visibility into all of these networks and be able to track attackers as they pivot through these environments. We must build detection and response capabilities that can shine a light into all these environments and track attacker behaviour as they attempt to move laterally through these environments.
- Prioritise and respond at speed and scale
It is critical that enterprises can not only identify attackers as they pivot through the modern network, but they must have the ability to respond rapidly and in a consistent way across all network stacks be that IaaS, SaaS, PaaS, or Datacentre. The only way the enterprise can achieve this is via prioritisation of incidents leveraging AI and automation. This will then ensure that the limited capacity of the SOC will have the best chance to drive down metrics such as mean time to remediation, therefore reducing the impacts of attackers and reducing the risk of a widespread breach.
Building Secure Schools of the Future
Research has found that countries with established digital economies, including Australia, Japan, Singapore, and New Zealand have the highest exposure to cyber risks and their governments are taking active measures to invest in and implement cyber defence strategies. As PWC has highlighted, the level of cybersecurity maturity in the education sector is significantly lower compared to others; the risks being more pronounced when individual teachers or leadership (rather than IT specialists) are responsible for evaluating learning technologies.
Education providers need to maintain good cyber hygiene to drive down the noise coming into security operation centres. The speed with which a threat is identified and responded to will determine who succeeds in this fast-changing time.
Latest posts by Education Technology Solutions (see all)
- Why Bridging the Cybersecurity Knowledge Gap in Education is a Collective Responsibility - April 29, 2021
- Keystroke biometrics – a happy medium for schools - April 20, 2021
- Safely Manage Remote Learning - April 1, 2021