How vulnerable are schools to malicious intrusion?
As the use of educational technology grows, so do the cybersecurity risks of being breached and hacked. Schools and districts are becoming more vulnerable as more technology is used, especially with the rise of artificial intelligence.
Jena Draper, Chief Innovation Officer at itopia, looks at two hugely intrusive culprits: phishing and malware.
Malware and phishing attempts are constant, an almost relentless assault on the security of a school and its inhabitants. Students, teachers, administrators, and even some families can be subject to these attacks and data breaches. According to itopia, in the last 90 days there have been more than 15 million malware attempts in schools alone. This alarming figure shows that student data is constantly under siege and must be protected at all times.
“Data privacy is adjacent to cybersecurity,” Draper says. “What we do is we have multiple databases, as well as our own ai crawlers, and we actively scan over a billion domains in real time. If we see even one suspicious activity event (which has several different classifications), we automatically block it. In the last 90 days, we have actively blocked 15.961 million malware threats.”
Millions of sites are working to introduce malicious software into school systems on a regular basis, either through malware or phishing attacks, which involve tricking users into providing security access. But how much of this do regular Internet users know?
“This is not normal consumer information,” Draper says. “The reason I bring this up, as far as the data goes, is that the average consumer, the average school district, the average normal human being, doesn't know about this. We know our data is out there. We know there is some kind of risk. But we really don't know how hackers use our data, how they get to us and how they use ai to improve their access capabilities (to that information).”
So there are invisible digital threats all around us. In a time when everything is connected and everything is digital, how do we start to protect ourselves?
“Districts need to move from reactive to proactive,” Draper says. “The consensus in all the districts that I have interviewed in recent months is that we have many tools and we need to start consolidating them. All of these tools not only have a cost associated with them, but they also have a time associated with them. “We don't have time to manage all these tools and look at the data and hopefully determine whether a site or program is a real threat or not.”
Why are data breaches so common?
It is no secret that technology has flooded the educational space like never before. With the advent of various forms of technology, new ways have also emerged for hackers to steal data and commit heinous acts.
“COVID amplified our use of technology,” Draper says. “A lot of money was flooded into educational technology thanks to ESSER dollars. It was the perfect catalyst for cybersecurity to go crazy. “It accelerated the number of vendors and tools that existed, but it also created a lot of surfaces and endpoints that hackers could access.”
With so many new programs and devices being introduced into education, focusing on cybersecurity is even more important than ever. We may not see the danger clearly, but it is there and constantly working against us. We must remain vigilant in protecting the information of our students, our teachers, and ourselves.
What can school districts do to protect themselves?
School districts can't prevent the use of technology in the classroom, but with threats to information security looming, the issue of protection is more important now than ever.
“School districts aiming to strengthen cybersecurity should start by assessing their risk and readiness,” Draper says. Cybersecurity Rubric (CR) by the Cybersecurity Coalition for Education (CC4E), is a great tool to assess your posture against the NIST categories. Macs and Windows require more layers of protection and are more expensive to secure than Chromebooks, which primarily require Google Workspace for Education and an additional layer of threat detection. Considering cybersecurity expenses in device upgrade plans can significantly impact district budgets.”
