Security challenges, ransomware attacks plague school districts


School safety challenges

The COVID-19 pandemic has brought classrooms to a virtual format, but in-person schools have already become incredibly reliant on technology over the years – from bus routing software used for transportation, to systems point of sale used in cafeterias.

“The forced acceleration of digital transformation has made it difficult for security to keep up,” said Zach Jones, senior director of detection research at NTT Application Security. “More daily ‘serious’ activity online means more opportunities for attackers. “

Jones, who tracks top application vulnerabilities in education, said the biggest technical security mistakes aren’t much different from other industries. In particular, the applications used by schools have been susceptible to issues such as insufficient authentication, URL redirect abuse and brute force attacks, he said.

Beyond these technical errors, the main security challenges facing school districts stem from a lack of basic cybersecurity hygiene expertise, Jones said, such as the limitation of exposed services to Internet such as Remote Desktop Protocol (RDP), the implementation of multi-factor authentication (MFA) and the management and protection of sensitive data. Another challenge is the lack of funding for schools to tackle security priorities such as patch management, he said.

“Even when outsourcing Internet access capabilities to professional developers, it is little possible to independently conduct robust security assessments of the software they provide, which means administrators and boards of directors. The administration making these contracts and the internal IT administrators managing the software and infrastructure are just convinced that security is included in the business, ”he said. “It is a particularly difficult position to occupy.”

Leave A Reply

Your email address will not be published.