Reducing the Remote Education Attack Surface With Security Intelligence

July 1, 2020 • The Recorded Future Team

This year, stay-at-home mandates issued by U.S. states and countries across the world for K-12 schools and higher-ed institutions created major challenges for educators, students, and families. Moving the entire education process online also opened a Pandora’s Box for security teams at education institutions.

This shift dramatically expands the attack surface for threat actors to go after — with ed-tech platforms, e-learning environments, video conferencing, email accounts, and websites managed by schools all presenting appealing targets. The amount of time students, teachers, and administrators spend connected to these environments will continue to be high in the coming months.

The Expanding Education Sector Attack Surface

Instances of hackers breaking into live online classes have forced education institutions to consider shutting down video conferencing altogether. Threat actors who gain access to certain high-privilege end-user accounts are potentially able to find an open door to the entire digital infrastructure of a school system, college, or university.

With users connecting from their homes, IT and security teams also have to be concerned about endpoint security postures. Many higher-education institutions already have systems in place for this, but may not be prepared for the increased scale and scope of this model being used, and K-12 schools may not be prepared for this at all beyond enabling some staff members to connect remotely.

Most people say they take appropriate steps to protect themselves online when connecting to the internet, but there is a general lack of understanding when it comes to applying cybersecurity measures. This is especially true when we add children and their parents to this equation.

Prior to the stay-at-home orders, the education sector was already a major target for ransomware attacks and extortion threats. In the rush to deliver online learning to students, some districts and institutions have circumvented the cybersecurity controls they previously implemented and are foregoing previous precautions taken against this new wave of threats.

Perhaps now more than ever, K-12 and higher-ed security teams need to apply a new, more methodical approach to security, not abandon what they already had in place — regardless of scope and scale.

Security Intelligence Solutions for Education Institutions

Recorded Future delivers unprecedented security intelligence solutions for the unique challenges facing security teams at education institutions. These six solutions comprise a framework for building a security strategy with intelligence at its core, enabling education sector security teams to mitigate the most relevant risks to their institutions:

  1. Brand Protection: Fake accounts, apps, and websites can all result in major damage to a school’s reputation. Security intelligence empowers education sector security teams to protect their brand with real-time alerts based on aggregated data from domain registration sites, social media profiles, web pages containing malicious content, and the broadest range of sources commercially available. Easily identify and take down typosquat domains, leaked credentials, bank identification numbers, fake social media accounts, code leaks, and mentions of the institution’s brand appearing in dark web markets.
  2. Third-Party Risk Management: Digital connections with suppliers, education partners, contractors, and others are now so critical that educational institutions typically share confidential and sensitive information with hundreds of third parties. The organization is only as secure as its weakest link; it’s estimated that more than half of all schools have suffered data breaches through vulnerable third parties. Contextualized third-party risk management helps IT make informed decisions and reduce overall risk with real-time security intelligence about the third parties in the ecosystem.
  3. SecOps and Response: Effective security operations and incident response are built on the ability to quickly identify and respond to relevant, previously unknown threats. Make faster, more confident decisions based on external indicators — automatically correlated with internal threat data — in real time and at scale across vast amounts of data, without any manual research.
  4. Threat Intelligence: Threat intelligence is the combination of insights, data, and context that enables security teams to prevent or mitigate cyberattacks. Recorded Future’s patented machine learning and automation make it possible to aggregate data in real time from open, closed, and technical sources. With searchable context on who is attacking, their motivations and capabilities, and the indicators of compromise to look for in systems, security teams are able to make informed decisions and take action quickly.
  5. Vulnerability Management: Vulnerabilities often introduce the risk of attack to your institution, and with thousands of critical new vulnerabilities emerging each year, it’s impossible to patch everything. Recorded Future’s vulnerability management solution scores risks based on real-time exploitation trends to deliver the critical context required to make fast, confident decisions when prioritizing patches and preventing attacks.
  6. Geopolitical Risk: Security teams need real-time contextual intelligence to defend against and respond to attacks on physical entities. Geopolitical risk management from Recorded Future accelerates critical decision-making with contextualized OSINT data about geopolitical threats and trends. Understanding the shifting dynamics in relevant geographic areas makes it possible to protect the institution’s assets.

These six solutions enable security teams to expose unknown threats and gain access to information that enables better decision-making. By producing a common understanding of external and internal threats — as well as threats related to students, teachers, and third-party partners — these security intelligence solutions accelerate risk reduction across entire IT ecosystems.

Security Intelligence in Action: Education Use Cases

Security intelligence makes security teams measurably more efficient, empowering them to focus on the activities that have the greatest impact on real-world risk.

Here are three examples:

  1. Security Vulnerabilities: Without the proper controls in place, e-learning platforms may contain exploitable security vulnerabilities that enable threat actors to compromise student and teacher accounts. Recorded Future surfaces the most relevant vulnerabilities to patch first. However, if a compromise occurs, security intelligence empowers security teams to identify possible breaches and repair any damage.
  2. Lack of Privacy Controls: A lack of proper privacy controls within e-learning platforms weakens security postures infrastructure and opens education institutions up to breaches through shared connections. Security intelligence solves this problem with incident response analysis that enables security teams to prioritize the constant barrage of alerts they receive and quickly identify the most important threats.
  3. Insecure Protocols: As students, faculty, and administrators remotely log in to school portals, insecure protocols can result in digital hijacking that leads to phishing and ransomware attacks. Security intelligence automatically defends against these attacks with firewalls, endpoint threat detection tools, and email filters that alert security teams in real time to the latest threat indicators and by adding new rules automatically to ensure systems are protected from the latest threats.

Educating Students Securely

Implementing security intelligence enables continuity of education and provides the peace of mind institutions need to leverage cutting-edge technologies like the cloud, IoT, mobile, and even AR/VR to enhance the educational experience.

Recorded Future enables educational institutions to confidently host daily classroom sessions that run more efficiently and connect with the value delivered by third-party partners across the educational ecosystem. Securely apply digital transformation processes to improve your school’s ability to deliver the educational services that administrators, teachers, students, and families demand — while minimizing the impact of cyber threats and increasing trust in your institution.

Drive your education institution’s security from analytics to action today. Read this white paper to start reaching higher with security intelligence from Recorded Future.

New call-to-action

Related Posts

How Elite Intelligence Makes MISP More Powerful

How Elite Intelligence Makes MISP More Powerful

July 28, 2020 • The Recorded Future Team

Security analysts are under more pressure than ever As businesses adapt to new realities, the...

How Security Intelligence Improves State and Local Governments’ Strategies

How Security Intelligence Improves State and Local Governments’ Strategies

July 23, 2020 • The Recorded Future Team

State and local security analysts and their teams are drowning in threat data Agency silos make it...

Continued Rise in Ransomware Attacks Against Healthcare Providers

Continued Rise in Ransomware Attacks Against Healthcare Providers

July 16, 2020 • Allan Liska

It seems almost trite to write a report about ransomware attacks against healthcare providers After...