Security challenges, ransomware attacks plague school districts
School safety challenges
The COVID-19 pandemic has brought classrooms to a virtual format, but in-person schools have already become incredibly reliant on technology over the years – from bus routing software used for transportation, to systems point of sale used in cafeterias.
âThe forced acceleration of digital transformation has made it difficult for security to keep up,â said Zach Jones, senior director of detection research at NTT Application Security. âMore daily ‘serious’ activity online means more opportunities for attackers. “
Jones, who tracks top application vulnerabilities in education, said the biggest technical security mistakes aren’t much different from other industries. In particular, the applications used by schools have been susceptible to issues such as insufficient authentication, URL redirect abuse and brute force attacks, he said.
Beyond these technical errors, the main security challenges facing school districts stem from a lack of basic cybersecurity hygiene expertise, Jones said, such as the limitation of exposed services to Internet such as Remote Desktop Protocol (RDP), the implementation of multi-factor authentication (MFA) and the management and protection of sensitive data. Another challenge is the lack of funding for schools to tackle security priorities such as patch management, he said.
âEven when outsourcing Internet access capabilities to professional developers, it is little possible to independently conduct robust security assessments of the software they provide, which means administrators and boards of directors. The administration making these contracts and the internal IT administrators managing the software and infrastructure are just convinced that security is included in the business, âhe said. “It is a particularly difficult position to occupy.”