Education is a leading target
Education has become the second leading target in cybersecurity attacks*. And while CIOs in education rate security amongst their top three priorities, cybersecurity breaches and attacks continue to grab the headlines. * Source: Trend Micro
The education environment has to allow network access by a largely mobile user base with a regular and rapid turnover rate as new students cycle through. While clear behavioral policies and guidelines for cyber protection can help, they can’t guarantee total security.
One of the biggest problems for IT departments in education can be a talent shortage, with limited assets to identify and fix problems in a time-critical manner – which is essential to avoiding a potentially devastating escalation of a cyber attack.
For K-12 schools Distributed Denial of Service (DDoS) attacks can be a common threat, with activity often heightened around key exam periods or simply when an individual wants to exercise a grudge.
For Higher Education establishments, threats often take the form of ransomware. Files are accessed and then encrypted by the perpetrator who can then demand often large ransom payments to release the data. In such cases, the FBI will not be involved unless the sum is above $100,000. This can leave establishments with a stark choice – pay or suffer the consequences. To get an idea of those potential consequences, take a look at the infographic.View infographic
Practicing ‘defense in depth’
This is an IT security concept that involves multiple layers of defense, such as antivirus software, firewalls, intrusion detection systems, and more. Defense in depth uses multiple technologies to provide protection in a number of ways which can create the cornerstone of a truly robust security strategy.
By applying the defense in depth concept, education establishments can help mitigate against cyber threats which can escalate when one type of device or entry point is breached. By implementing a mix of security technologies it becomes much more difficult for malicious activity to exploit multiple types of devices and entry points.View the AT&T defense in depth portfolio
CoSN Cybersecurity – Leadership Initiative
Technology leaders and policymakers need to protect their networks and information security, analyze their current status, and validate what they are doing well.
AT&T is supporting the Consortium for School Networking (CoSN) cybersecurity initiative by providing tools and resources that offer insight into how risk can be further reduced in order to help technology leaders contribute to their schools’ primary goals of teaching and learning.
We invite you to utilize these resources to assess your current security posture and plan accordingly.
3-steps to help assess, plan and build your security readiness:
- Determine your district’s security maturity using our self-assessment
- Download our cybersecurity planning rubric to assess your readiness
- Use the planning template as you build your own network.
Case Study:Pike County Schools
Pike County Schools is in the Commonwealth of Kentucky where the Department of Education has supplied AT&T Distributed Denial of Service (DDoS) Defense for all of its K-12 districts.
AT&T monitors the traffic flowing to each district’s network, and where there is evidence that a DDoS attack is initiated, the district is placed in DDoS mitigation.
Since the service began, Pike County Schools has not had to worry about a DDoS attack.
DDoS protection is part of a multi-layered defense in depth strategy employed to safeguard district networks. Other measures include a firewall, anti-virus software, and staff/student training to promote secure behavior and practices.
“There have been a few instances where AT&T has notified us of a (DDoS) broadcast storm and has done some throttling restriction for us. But this all happens in the background, and we haven’t had to give it another thought”
Clayton Potter, Director of Technology, Pike County Schools.