Cover Feature Cyber Security
Schools are the soft underbelly of Cyber and needs more focus
T By Pip van Wanrooij
he modern cyber battlespace now includes schools. In recent times there has been a trend towards cyber-attacks on softer targets, including educational institutions. Schools, as major users of digital technologies, web-based platforms, and data management systems, are being systematically targeted. The reality appears to be stacked in favour of the technically trained and well-funded bad actors. Disgruntled students are also inflicting highly damaging cyber-attacks, of their own. Recently, there have been a number of high profile attacks on schools in the Asia-Pacific region, amongst them Australia, Japan, India and according to the K-12 Cyber Incident Map there has been 415 plus cybersecurity-related incidents involving U.S. public schools since 2016 . In Australia K-12 school system, the focus has been predominantly related to dealing with cyber-bullying, image-based abuse, irresponsible online behaviour and developing a simplified cyber safety message. However, as technology-led classrooms rely upon software applications, web-based platforms and mobile learning technologies to facilitate learning, it also serves as an entry point for illicit harvesting of personal identifiable information (PIIs), and unregulated third party access.
34 | Australian Cyber Security Magazine
Schools hold sensitive and personal data points for teachers, staff and students. Online collaborative tools, including learning management systems, gradebooks, and emails lack significant privacy controls, access management issues and poor password control. Increased use of cloud services, POS terminals, tap and go technology, remote user access and social media platforms used by schools are vulnerable to unauthorised access and security threats. Passive data collection by thirdparty vendors and hackers accessing CCTV camera systems on school grounds is leaving students and teachers exposed.
Cyber threats continue to grow and evolve The sophistication and frequency of cyber intrusion and digital sabotage continues to evolve. Naivety to methodologies, compromised devices, software and hardware vulnerabilities allows systematic exploitation. Schools networks are increasingly targeted by ransomware, data theft and denial of service attacks (DDoS). The Cyber threat continues to grow and evolve due to the prevalence and sophistication of social engineering tactics, the multitude of smart-devices connecting to school networks, students improved hacking abilities and motivations, and
