As empowering as this technology can be, it’s important to assess the risks in order to understand the potential negative consequences and, most importantly, how to mitigate them. Without necessary measures in place to support security across all services and applications, educational institutions will be unable to ensure these evolving digital environments are safe.
It isn’t simply an issue of an increase in attacks, but of their ever-growing complexity. Good things can be used for nefarious purposes. Encryption, for example, provides a control for keeping communications confidential. However, that same technology can be used by attackers to hide malicious activities or, as we now see routinely, to crypto-lock victim systems, crippling them in order to extort a ransom.
The almost-overnight pivot to online learning was, in many cases, rapid out of necessity, and therefore often without sufficient attention to security concerns. Many institutions simply relied on existing digital infrastructure, and this exposed numerous flaws.
Schools, universities, and TAFEs have been the target of a growing number of attacks.
A breach caused school computer systems across NSW to shut down just days before students were to begin the new term, presenting the NSW Education Department with a difficult set of circumstances to resolve.
This is just one example; in 2020 and 2021 the education sector saw a 75% increase in attacks.
Educational institutions face quite a different threat profile to normal organisations. While most organisations have the majority of their adversaries outside the environment, schools and universities tend to have adversaries inside as well. In other words, students aren’t always innocent.
Identifying the problem
Most state education networks rely on one centralised government entity to provide services and infrastructure. What we see in remote and hybrid learning environments is the entire population of students and teachers using remote networks when working from home, placing strain on remote access infrastructure.
Additionally, with the adoption of Software-as-a-Service (SaaS), externalisation of services, and surging demand for high quality and dynamic content, traffic through these centralised gateways is continuing to grow rapidly. Without increased capacity, the systems won’t cope, leading to poor user experiences at best, or complete unavailability at worst.
Architectures must be changed to have a more distributed egress, but this can present an enormous challenge because of how they’ve been built previously. It also presents an operational scale issue: with greater distribution, there are more systems to be managed. Efficiency, consistency, and fleet management via automation are key to scaling.
Another increasingly complex challenge stems from the raft of tools available to, and used by, students to bypass security controls, which is more easily done when egress monitoring is inadequate. Comprehensive filtering and inspection of traffic is needed in order to combat the threat.
Like the multiplying heads of the Hydra, when one cyber security concern is identified and dealt with, another two appear in its place.
Protecting our most valuable assets
As disruptive as the shift to digital and remote learning has been, it has also created an opportunity for the sector to ask: how do we guarantee a system moving forward which meets the significant and increasing demands, but also ensures cyber security and safety?
One answer is to wrap a consistent security layer around all services, protecting apps and APIs across all environments. Adopting a defence-in-depth approach, focussing on both ingress and egress control, and inspecting all traffic are key.
The 2021 Log4j zero-day vulnerability, though not only affecting educational institutions, saw millions of computers hit through software commonly used by students, teachers, and learning institutions. As an example, one of our customers in the education sector was able to provide rapid protection by reducing the window of exposure with Web App Firewall signatures to block Log4j attacks. Then, it turned its attention to preventing malicious payloads from spreading further.
This approach allowed time to undertake the lengthy process of inventorying systems with the Log4j vulnerabilities, deploying patches, and waiting for vendors to provide patches for their systems.
Others resorted to the whack-a-mole approach, madly trying to identify and patch everything as rapidly as possible, often unable to determine which systems used the vulnerable component. To describe it another way, it is the difference between a calm and measured response and many consecutive sleepless, stressful nights with all hands to the pump.
Streamlining application modernisation and reducing complexity by supporting rapid innovation, integrated security, and accelerated app deployment will help improve IT agility, efficiency, and effectiveness, while meeting growing demands for better digital experiences.
Australia’s education sector will continue to face increasing security challenges as it adapts to a world of permanent hybrid learning. The road ahead will not be easily travelled so long as cybersecurity standards are not applied consistently across all environments – traditional and modern.