HPE Aruba Networking Blogs

Cybercriminals Target K-12 Student Data

Schools are under cyberattack. Last year, K-12 school districts experienced an average of two cyber incidents a week, and 2017 is on pace to see double the number of cyber incidents according to CoSN.

Criminals are targeting schools here in the U.S. as well as globally. Disruption is always a goal, but recently, criminals are holding student and family information for ransom. Many schools have added student health information to their systems in an effort to broaden outreach for Medicaid and Children's Health Insurance Program (CHIP) benefits. The value of stolen student health information is rising rapidly on the dark web.

The stories are many. The school district in Dorchester County, SC was a victim of ransomware, which affected the information on 26,000 students. It got away with paying only $2,900 in ransom. Across the country, the schools in Columbia Falls, MT were targeted with extremely violent threats and demands for more than $150,000 in payments. More than 30 schools across the county were closed for three days until the FBI could investigate and identify the overseas criminals. It's no surprise that in October, the US Department of Education issued a warning about these types of cyberthreats.

A Broader Attack Surface

Schools have largely dealt with the challenges of mobile devices in classrooms, but a newer attack vector is coming from the Internet of Things (IoT). Facilities departments are installing rain sensors for automated irrigation, integrated access control systems and IP surveillance cameras to enhance physical security, automated sensor controls overheating and cooling, and smart lighting. In the classrooms, tablets, laptops and interactive whiteboards are everywhere, and increasingly, kids use augmented reality headsets to bring lessons to life, build their own computers using Raspberry Pi, and design robots and drones as class activities. The Internet of (School) Things changes how students do experiments and learn.

Screen Shot 2017-12-07 at 9.11.51 AM.png

There's often a specialist who oversees educational technology, but that's not necessarily the case when the facilities department embraces IoT. It's not uncommon for the manager of the maintenance department to use his personal credentials to give the smart irrigation control system access to the school's network.  That's not a problem until attackers compromise the system. Security systems don't set off alarms because the device appears to be used by a legitimate employee with valid credentials, but meanwhile, an attacker is sniffing around the network for data to sell or hold for ransom.

Screen Shot 2017-12-07 at 9.15.28 AM.png

Get Visibility and Control

You can't protect what you don't know you have. Oftentimes, network administrators simply don't know what user and IoT devices are on the network. You need to know about unknown devices as well as known devices that start acting strangely.

 With Aruba ClearPass, IT can identify what devices are being used on the school's network, whether it's wired or wireless. IT will know how many devices are connected, where they're connected from, and which operating systems are supported. Visibility is the foundation of security. From there, IT can enforce policies that govern the proper user and device access, regardless of user, device type or location. Finally, IT can protect your resources with dynamic policy control and remediation of actual threats.

Now, when the smart irrigation system logs on at 3 am and begins to act like a server, using valid credentials from the head of maintenance, the IT team will know about it right away. IT can cut off network access for that device immediately until they can investigate further. The plants will survive the mini-drought, and the deluge of data on the dark web is stopped.

Find Threats Faster

Artificial intelligence-based machine learning and user entity behavioral analytics can also help schools find threats faster. Aruba IntroSpect uses machine learning to spot changes in user behavior that often indicate inside attacks that have evaded perimeter defenses. Risks are scored and consolidated, putting hours' worth of investigation available at administrators' fingertips.

Step up Defenses

The challenges of dealing with the rising threat from well-organized criminals are compounded by IT resources that are already stretched thin. In fact, 43% of school IT managers said they didn't have enough staff to implement new technology, according to CoSN. Now factor in the high demand—and stratospheric salaries—of cybersecurity experts. It's predicted that 3.5 million cybersecurity jobs will go unfilled by 2021—and school districts are competing with well-funded enterprise IT departments for that talent.

That's why it's never been more important to use solutions like ClearPass and IntroSpect to more effectively and efficiently protect schools against these escalating threats.

Go Deeper

Learn more about ClearPass can prove secure network access control.

Learn more about how IntroSpect can spot changes in user behavior that indicate insider attacks.