Cybercriminals go back to school too


This article was written by Amber Bennoui, Senior Technical Product Manager at Threat Stack.

As K-12 and college students prepare to enter another academic year this fall, cybersecurity leaders are issuing stark warnings to educational institutions, as cyberattacks pose an increasing risk. The beginning of the school year represents a great opportunity for cybercriminals to exploit teachers, administrators, and students as they adjust to their new schedules and routines. To add further confusion, K-12 schools and higher education institutions are still in the early stages of their digital transformations – making efforts to scale infrastructure to support a growing need for remote learning, migrating to cloud infrastructure, and introducing new technologies and frameworks. IT leaders in schools and universities must proactively manage their digital transformations by balancing the cybersecurity and compliance needs of their modern IT infrastructure as user adoption grows. Ignore one and the rest will suffer.

The transformation of education into a highly regulated industry

When thinking of highly regulated industries, K-12 education and higher education do not initially come to mind. However, given the volume of confidential information (i.e., student financial records and PII), we see that educational institutions are forced to comply with frameworks outside of the United States Department of Education’s Family Educational Rights and Privacy Act (FERPA). The cloud posture of educational institutions introduces new complexities and compliance requirements, including but not limited to HIPAA, PCI DSS, SOC, GDPR, and state-mandated privacy requirements.

Just as compliance has become the standard for doing business in the private sector, it has also become inherently critical for public entities such as hospitals and schools to keep the personal data of patients and students safe. Regulators have imposed a wide range of mandates and protections designed to maintain privacy and security standards around consumer information. Educational institutions must have visibility into how data enters and leaves their IT environment. Schools must now identify the local, global and industry regulations that apply to their business and strategically implement the processes and technologies that keep them in compliance.

Many certifications require a large amount of documentation, including a clear information security policy, a risk assessment process, security assessments for any third-party tools, and evidence of information security monitoring and detection. It is also critical that organizations keep up with changes in compliance frameworks.

Security tools should map specific behaviors to multiple frameworks and ideally identify abnormal or anomalous behaviors to proactively identify potential threats and save a lot of time and manual labor. Bonus points if you can produce reports to provide proof of compliance while responding to audit requests.

The good news is that many of these regulations overlap so that educational institutions can simultaneously complete the requirements for multiple compliance frameworks. Compliance also has the added benefit of enhancing security maturity, a critical facet of educational institution operations given that Microsoft Security Intelligence found that 61% of the nearly 7.7 million business malware encounters reported last month came from the education sector.

Cybercriminals are taking educational institutions to school

The education sector is under heavy fire from opportunistic cybercriminals. Security provider PurpleSec found that education ranked last in cybersecurity readiness among the top 17 industries. That same report also identified nearly 500 cybersecurity incidents involving educational institutions in 2020 alone.

The reason for the increased interest of cybercriminals in the industry is simple: Educational IT leaders often do not have the adequate resources or budget to protect against cyber attacks. Therefore, bad actors consider them easy targets. This scenario is even more critical as schools rush to scale existing tools and implement new remote education tools to enable hybrid learning due to the ongoing Covid-19 pandemic. With an IT environment in transition, it is difficult for educational institutions to enforce proprietary data security protocols while building redundancies, making them susceptible to DDoS attacks, SQL injection, phishing, ransomware, and password attacks.

Recommendations for an A+ cybersecurity strategy

Educational IT leaders must prevent, accurately identify, and respond quickly to risks in cloud infrastructure and applications. Complete observability is crucial to prevent and disable cyber attacks before they become large-scale breaches. Collecting this data is difficult in the cloud, often rendering traditional collection approaches ineffective. This is why many companies use machine learning-supported tools and scripts to collect and analyze telemetry based on pre-set rules and conditions. This option is attractive to academic institutions because it allows IT leaders to strengthen and maintain their security posture without adding significant administrative work to their boards. Proactive monitoring allows schools to limit the scope of common attack vectors.

Educational institutions are undergoing a long-awaited technological revolution that will forever change their operations and introduce new efficiencies in the education sector. Yet despite all this change, it is essential that IT leaders do not lose sight of their compliance and cybersecurity responsibilities. Cybercriminals certainly are not.

The first step in any cybersecurity or compliance program is simple: you need to know where and how sensitive information is stored within the infrastructure, monitor network settings across the network, record user access and privileges, and determine if the data follow proper handling procedures. These core principles serve as a solid foundation for IT leaders to advance the digital transformations of their educational institutions.

Amber Bennoui is a senior technical product manager at Threat Stack, a VC member at Vencapital, and a former co-founder of an experimental open source, peer-to-peer teaching and learning platform from the University of Reddit.

