Ethical Hacking: Lessons Learned from Education Systems

by Sarah Harvey / May 2nd, 2019

What Security Threats Do Education Institutions Face?

In today’s threat landscape, there’s no excuse for any industry to not be aware of the advancing cyber threats they’re faced with. For education institutions, this could be malware, ransomware, internal attacks, targeted attacks, and so much more. In this webinar, one of our expert penetration testers, Stuart Rorer, discusses why the education sector needs to be concerned about security risks, gives real-life examples from his experience as a systems administrator at a private school, and provides next steps your organization can take to ensure that you remain a secure and trusted education institution.

While some may view the education sector as less of a target for a cyber attack, the reality is that it is just as likely to experience a data breach or security incident as, say, a financial institution or a healthcare organization. Think of the different types of sensitive assets the education sector uses on a daily basis: names, dates of birth, standardized testing scores, attendance and grade records, email addresses, phone numbers, Social Security numbers, and financial aid information. These types of sensitive assets are hot commodities for malicious hackers, and they’ll do anything they can to get their hands on them, regardless of whether you’re a public or private school or if you have hundreds or thousands of students. All education institutions face the threat of a data breach or security incident because of the security difficulties they contend with, such as open access infrastructure, loose security controls, ease of access, and external trusts.

Real-Life Examples: Security Threats to Education Institutions

Understanding the threats facing education institutions wouldn’t be possible if there weren’t real-life examples to learn from. In this webinar, Stuart Rorer covers four examples, including:

  1. Ransomware Attack: Not wanting to leave his laptop in his car, an accountant brought his work laptop into a coffee shop and logged into an open WiFi network. Because he didn’t use a VPN or other secure way to access the internet, he inadvertently downloaded ransomware.
  2. Disgruntled Employee: A higher education institution experienced an internal attack from a disgruntled former employee. This employee accessed a file with salary information and threatened to release the information to one of the global addresses within the organization.
  3. K-12 Organization: A K-12 organization believed they had a persistent intruder who tried to access student information, tests, etc. Recognizing this, the organization began to change the admin password, but attacks kept occurring. While it was initially believed to be malware, it turned out to be one of the senior students.
  4. Community College: A community college was having a lot of malware issues, and their IT administrators couldn’t figure out what was causing the problem. Their penetration tester realized that there was a wireless network that was named similarly to the college’s network, which allowed students, faculty, and staff of the college to input their passwords and other sensitive information when they connected to that network, making them easy targets for an attack.

Are you an education institution that needs to learn more about the security threats you’re facing? Want to learn more about how penetration testing can help keep the education sector secure? Watch the full webinar now.