Hackers are, on average, resourceful, conniving, prolific and not terribly picky about who they prey upon. At the end of the day, the goal is typically to employ malice and an understanding of technology systems to make money, which means no industry falls outside the realm of vulnerability – and this includes education.
Colleges and universities may not seem like the most obvious targets at first glance, but cyberattackers are hitting educational institutions left and right, and they have been for quite some time.
Recent breaches highlight an attack trend
On Sunday, Jan. 24, a data breach was announced at Lawrence Public Schools in southwestern Michigan. According to the Eagle Tribune, the hackers used phishing tactics in order to pilfer information from the school system’s online database, and possibly got away with teachers’ Social Security numbers. In conjunction with names, addresses and other personal information, stolen Social Security numbers can be used to perpetrate identity theft, and are therefore bought and sold in the darkest corners of the Web.
In a similar but as-yet unrelated incident, the University of Virginia reported a data breach only a few days before the Lawrence Public Schools incident. According to ZDNet, hackers successfully broke into a component of the human resources department. As a result, personal information belonging to an estimated 1,400 employees of the academic division is believed to have been stolen. Like the Lawrence Public Schools incident, phishing tactics were used to steal login information from one or more employees. Once in the system, the hackers were able to get ahold of employee W-2s as well as the direct deposit information of up to 40 employees.
As comforting as it would be to say that these are fluke incidents, researchers have revealed that education is actually one of the most highly targeted industries. According to Trend Micro’s analysis of data breaches by industry, education is the second-most targeted industry after health care, and hackers are after the same type of personal information that they managed to plunder from UVA.
If nothing else, this information – compounded by recent breaches – highlights the need for more comprehensive cybersecurity in education.
Insider protection for school networks
In the case of a phishing attack such as those that affected Lawrence Public Schools and UVA, staff effectively – albeit accidentally and unknowingly – gave away their credentials to cybercriminals. In other words, this breach was not a matter of perimeter defenses being penetrated.
It’s also worth noting that the university had no knowledge that the attack occurred until the FBI notified them. Until outside forces stepped in, they had no way of detecting the breach in the first place.
This highlights two significant concerns. Firstly, hackers have ways of getting around preventative cybersecurity. They’ve done it before, they did it in both of the cases mentioned above, and they’ll do it again.
Secondly, once inside, they had enough time to get what they came for. It’s very little consolation that the FBI has the culprits for the UVA case in custody given how quickly the stolen information can be sold online.
Both of these factors point to a need for further protection of data once hackers get inside. More specifically, network administrators need a way to detect a breach as soon as it occurs.
Herein lies the value of SIEM-as-a-service. Much like traditional security information and event management, managed SIEM supplies comprehensive network monitoring. The main difference is that it’s a cloud-delivered solution with low overhead and relative ease of deployment. Furthermore, the service is orchestrated by a cybersecurity professional, which comes as part of the package.
It is not beneath cybercriminals to target educational institutions, and as recent events have shown, they’re capable of it. The good news is that when preventative cybersecurity is not enough – which is often nowadays – managed SIEM can still save the day with vigilance and expertise.
Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of managed SIEM services.