Academic institutions (school boards, private and public schools) manage significant amounts of personal, health, financial and academic data - thus, they are primary targets for a cyber attack. Perversely, although schools have limited IT budgets that support complex and distributed legacy IT infrastructures, they must support the open data exchange expected in education while accommodating personally-owned devices on the network. It’s no surprise that denial of service attacks, ransomware of other malware, data breaches, and theft of employee and student information are all increasing threats in academic environments. What are the challenges that must be identified and overcome in order to have safe schools?
Educational institutions have to balance the need to secure complex data networks (distributed locations, wired and wireless networks, multiple user roles, extensive use of BYOD and the requirements for universal student connectivity) against the accepted requirement for "academic openness". At the same time, they are required to support students who tend to push back against network restrictions, and actively seek workarounds to access restricted services and data. Implementing and managing a secure network infrastructure under such conditions is problematic, and academic networks frequently contain exploitable vulnerabilities. As a result, these networks are vulnerable to internal and external attacks, especially be automated tools such as ransomware.
The vulnerability of educational networks is matched by the value their data records. Academic institutions generally house personal and financial information of employees and students. However, they may also hold significant amounts of proprietary research data - data that may be targeted by other researchers, industries hoping to commercialize intellectual property, or foreign countries trying to jump-start their own research programs.
The challenge of limited financial, personnel, and technical resources is certainly not unique to the educational sector. However, these issues have been exacerbated by the value of data held within this sector, increasing number of attacks that are occurring, as well as emerging regulatory pressures. The educational sector is facing a critical problem, and it is only continuing to get worse.
DigitalDefence is uniquely positioned to provide educators with a resilient approach to security and privacy, especially with regards to identifying, responding to, and recovering from a security incident. Our comprehensive solutions include Advisory services focused on information security policies and supporting documents and contracts, vendor management, and compliance management. Our Protection services ensure that your network architecture can meet the needs of a diverse population, and validates resilience with penetration testing and social engineering testing. And our Response services train you to perform an effective response, and support you with ad hoc and managed services to ensure a successful outcome.
Contact us for more information and to see how we can provide you with a solution to meet your needs.