Getting "Educated" on Cyberattacks.

COVID-19 forced massive upheaval and disturbance to the methods used to teach and for pupils to learn. The situation involved a speedy move to remote working and with it the reevaluation of the systems and processes that have been in place for many years.

This sudden shift has left the industry exposed. "Few institutions appeared to have a risk management strategy in place that would allow them to respond to a pandemic, particularly the capacity to offer online programs and support when the crisis hit," says Frans van Vught, joint project leader of the university ranking system U-Multirank.

It does not come as a shock that the majority of schooling systems, if not all, were under-prepared for such a transition. If we look back from January 2020, no one could have predicted what would evolve. In response, and in a bid to uphold some level of continuity, new rules have been implemented, new systems put in place, and new guidelines for teaching and learning have been made, but these rules differ from country to country, institution to institution, and the structure and clarity has been lost along the way. It is exactly this, the ambiguity of the entire situation, that cybercriminals are taking advantage of.

The methods used by attackers are sophisticated, and attacks against the industry are increasingly aggressive. From ransomware to malware, headlines with the latest breaches and threats are strewn across the news, and what is shouted about in print presents only a fraction of the real issues that this sector is facing.

"Not only have I seen the number of attacks in the education industry rise over the course of 2020 and 2021, but I have personally dealt with such an attack," says Feras Tappuni, CEO of SecurityHQ. "The school of a family member of mine was recently hacked. The hacker got into the database of the school. This database was then ex-filtrated, and the bad actor impersonated the accounts receivable. This meant that many of those on the parents list that the attacker now had access to fell for the scam. This resulted in the school having to reimburse the parents, costing the school thousands--and these threats and attacks are far from rare. Many do not make it into the news."

The education sector always will be a prime target for hackers--mainly because the attack surface is so large. The sheer size of the industry, and with it the potential of great financial gain, data theft, and espionage makes it a prime target for...