Educational Institutions: The Next Frontier for Cybercriminals

We’ve become all too accustomed to seeing headlines heralding how cybercriminals have bested yet another corporation’s security protocols. While enterprises and financial institutions have typically been top priorities for these bad actors, the education sector has become an increasing target. IBM X-Force recently published its Threat Intelligence Index 2019 which shed some light as to why this sector has started garnering attention from cybercriminals and hacktivists alike.

Educational institutions collect an immense amount of data on student populations―from names and addresses to social security numbers, financial records and more. Additionally, a wealth of data is captured on alumni, faculty and staff who work at these institutions as well as the organizations and associations which partner with them. As a result, schools and universities are sitting on a treasure trove of sensitive information that can be very lucrative on the Dark Web. And for higher education institutions known for their medical centers or research facilities and projects, the risk is even greater.

Further compounding the problem is the need for schools and universities to manage a sprawling network that has thousands and thousands of connection points since students often use a phone, tablet and computer on campus―some school-owned and some personal. And with other internet-connected devices such as digital assistants on the rise, the problem continues to grow. Today’s schools and universities are susceptible to malware, bots, denial-of-service attacks, and more, so finding solutions that can thwart these threats while still giving educators and students the capability to collaborate freely is key.

Cybersecurity experts agree login credentials are among the most common areas where systems are compromised. It makes sense when you think about the myriad of passwords the average person has to navigate between work and personal email, social channels, financial accounts, subscription services, retail sites―the list goes on and on. But technology is helping education institutions take an offensive stance against cybercriminals by securing access to information across a multitude of disparate technology platforms, systems, applications and devices. Two solutions that educational institutions are adopting to combat cyberattacks are Single Sign-On (SSO) and Multifactor Authentication (MFA) .

SSO solutions allow schools and universities to more easily and securely manage access to proprietary or confidential information while offering students, alumni, partners, faculty and staff a simplified way to manage logins with one click, and only one set of credentials. For IT administrators, SSO provides easy configuration and actively supports compliance and governance protocols, thereby helping to reduce overhead costs and improve productivity. For users, it consolidates logins across devices and applications to reduce the number of passwords they need to remember and allows them to move seamlessly from one system or application to another, thus eliminating the frustration that often comes along with password recovery and resets. But SSO alone solves only part of the problem.

That’s where MFA comes in. MFA combines the power of behavioral profiling, device identification and calculated risk factors to automate the authentication process in a transparent yet powerful manner. With MFA, educational institutions can seamlessly verify that the person requesting access is who they say they are before granting that access to an organization’s systems, data and applications. Digital behavioral profiling allows IT administrators to create user and channel profiles based on information such as location, connection type, device ID, etc., then combine that information with calculated risk factors such as logging in from a foreign country or using an anonymous or hosting proxy. This digital profile allows the MFA solution to detect anomalous behaviors at the first attempt to log in―either denying access or ushering the user further down the verification process, where adaptive authentication is triggered using challenge-and-response questions, one-time passwords or other security options set by the school or university.

Regardless of the industry, most IT professionals will tell you what keeps them up at night is the recurring nightmare of a data breach. We’ve seen the devastating effects these attacks have on organizations―loss of customer confidence, decreased revenues and battered reputations. For schools and universities, it can mean a decrease in enrollment, alumni donations and grants.

Cybercriminals are growing more sophisticated every day which is why cybersecurity is one of the key areas where IT administrators are investing. Unfortunately, cybersecurity risk-management practices within the education sector are among the least mature when compared to other industries―making both K-12 and higher-ed organizations targets ripe for the taking. Employing SSO and MFA together forms the foundation of a comprehensive cybersecurity plan that will ensure educational organizations are able to detect bad actors and safeguard data, applications and systems in real-time― offering school IT administrators additional peace of mind (and a more restful night’s sleep).