EdTech has seen tremendous growth in the past few years encompassing all levels of education. The Covid-19 pandemic gave it a booster shot. Kindergarten kids now attend school through Zoom classes. Google classrooms have become a staple in multiple schools. University education is becoming slowly digitized through platforms such as Coursera. Similarly, professionals can now upskill themselves online as per the demands of the job market. Corporates now conduct training programs online facilitating remote work.
This shift towards using digital tools to enhance education has its set of problems. EdTech has become a prime target for frequent and high-intensity cyberattacks which are rising rapidly year after year.
Consider the following cases:
- In 2019, the Louisiana governor had to declare a state emergency when ransomware attacks hit multiple school districts in the state. IT networks of the affected school districts went down and files were made inaccessible. Such attacks are not singular incidents.
- According to K-12 Cybersecurity Resource Center, a data breach in the 2019-2020 school year to an EdTech vendor’s system exposed the personal information of several thousands of students online. 13,000 school districts and universities were estimated to be affected by this breach.
- 61 percent of the 7.7 million malware attacks faced by firms in the month prior to June 2020 belonged to the education sector as reported by Microsoft Security Intelligence.
EdTech is becoming increasingly vulnerable to cyberattacks as seen from the above instances. Sometimes, the attacks can be due to lax cybersecurity implementation. Even a company with robust cybersecurity measures can become vulnerable to attacks. This is due to the involvement of multiple vendors in most EdTech interventions. These vendors may not necessarily follow the same standards. Therefore, it becomes crucial to ensure rigorous protection against any external cyber-attacks.
Common Threats Faced by EdTech Firms in Recent Times
While EdTech firms are vulnerable to various types of cyberattacks, the following are the most common ones faced by them on a frequent basis:
- Cloud security breaches: Most EdTech companies use cloud-based solutions for their interventions. Among other things, this helps them to create a virtual depository of data for easier access, dissemination, and analytics. At the same time, it increases the risk of data breaches concerning the personal information of students and educators, and any related financial and operational data associated with institutions that deploy these EdTech interventions. This illegally obtained information can be misused to redirect payments to fictitious accounts that hackers control.
- Phishing: This is one of the oldest as well as the most common threats internet users face these days. In this, the cyber attacker masks themselves as a trusted entity and dupes the user into divulging private and sensitive information such as credit card numbers. EdTech platforms frequently face phishing attacks due to children being easy targets.
- Denial of Service (DoS): In this, users are denied access to data or systems they normally use. The cyberattack floods the network with information and disrupts existing services. In the context of EdTech, this means disruption of classes as educators and students would be unable to access online classrooms or study materials.
- Malware: This is software installed on a computer or a server without the knowledge of the user. It can be of various types such as adware, worms, ransomware, and so on. Malware is employed to steal information and commit online crimes such as extortion. Recently, Blackbaud, a cloud service provider for education institutions had a major security breach through a ransomware attack affecting millions of individuals.
- Zoombombing: It is a recent phenomenon where online video conferencing platforms are interrupted by intruders. Incidents such as hate speech against students during online classrooms, or exposure to unwanted and harmful media during virtual classes impede learning through these platforms and create fear of using technology.
Data Protection Regulations and Rules for EdTech
EdTech firms should be aware of and in line with concerned regulations such as:
- Family Educational Rights and Privacy Act (FERPA), which is a federal law that protects the privacy of student education records.
- Children's Online Privacy Protection Act (COPPA) mandates parental consent for the collection and use of any personal information related to children online.
- Protection of Pupil Rights Amendment (PPRA) focuses on the protection of student information collected through surveys and parental consent regarding the same.
- Student Privacy Pledge is an industry pledge to protect student privacy in terms of collection, maintenance, and usage of student information. It is voluntary but legally binding.
- In the EU, General Data Protection Regulation (GDPR) is the regulatory framework for the management of data privacy of individuals. It covers EdTech companies as well where organizations assess and process large volumes of information involving user data.
How to Protect Your EdTech Company and Concerned Stakeholders from Cyberattacks
We have seen that breaches come at unacceptable costs. It is of paramount importance that EdTech companies follow compliance standards and keep cybersecurity protocols in place and regularly review and update them.
- Federal Information Systems Act (FISMA) requires federal agencies to implement an information security program. This also applies to private businesses having a contractual obligation with the government.
- National Institute of Standards and Technology (NIST) guidelines are formulated to meet the regulatory requirements of FISMA. These include risk assessment, documenting baseline controls among others.
- International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001 provides best practices for information security management systems (ISMS) of an organization. These requirements help organizations to secure information entrusted by third parties in addition to organization-specific assets such as Intellectual Property.
Deploying EDR and XDR
EdTech vendors generally are connected to hundreds and thousands of endpoints. Endpoints are devices that are connected to a network from where data can be transferred back and forth to the network. These devices can be mobile phones, computers, tablets, and in some cases even servers in a data center. Unsecured endpoints provide easy access for infiltrating networks through cyberattacks. This is particularly important in the context of remote work and firms adopting Bring Your Own Device (BYOD) policies.
Endpoint detection and response (EDR) comes into the picture to address these vulnerabilities. It is an integrated endpoint security solution for quick identification and response to cyber threats.
EDR includes the following:
- Endpoint data collection: All data related to endpoints such as volume of activity, connections, and data transfers is continuously collected and monitored.
- Automated response: EDR solution has preconfigured rules for automated responses. Here, it can recognize known types of security breaches. In doing so, it sends automated responses to concerned users such as alerts or notifications.
- Analysis and forensics: EDR depending on the need can do real-time analysis for quick diagnosis of threats that do not match its existing rules. At the same time, its forensic tools can conduct a post-mortem analysis of an attack. This can help secure the network and systems against future attacks. Moreover, these forensic tools can also proactively undertake threat hunting as precautionary measures.
Extended Detection and Response (XDR) is considered to be the logical evolution of EDR. Analyst firm Gartner defines it as “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.” This goes beyond the standard detection tools, providing a holistic understanding of threats across the technology landscape.
Since XDR integrates multiple products and platforms, it provides improved detection. Data is collected across several layers from not only endpoints but also other areas such as cloud workloads and emails. This prevents any security silos as each layer is scrutinized in the context of other layers. Further, it employs current and latest technologies improving threat visibility. It also increases the productivity of security personnel as they have an entire gamut of tools for incident response. Moreover, it lowers the total cost of ownership (TCO), as effective detection and response to security threats prevent exponential damages.
At BluSapphire we believe, and our product warrants this belief, that cybersecurity today is evolving beyond XDR, and that achieving this capability can be easy, efficient, and effective for organizations of all scales and sizes.
Standard Pointers to Defend Against Cyber Attacks
- Conduct a security audit from time to time.
- Proactively search for vulnerabilities in networks and systems.
- Regularly conduct cybersecurity awareness sessions. Employees and users must be made aware of data protection and security protocols in place.
- Strong and unique passwords must be made mandatory along with regular notifications to update them periodically.
- Implement two-factor authentication particularly in the context of payments.
- Consider investing in cybersecurity insurance depending on the needs of the EdTech organization.
- Try to ensure lifecycle security when multiple vendors are involved.
- Critical IT systems can be moved to specialist hosting providers to increase cloud security.
EdTech is revolutionizing education by making individualized learning scalable. This is a huge step towards digital equity. To properly harness and secure the compounding effects of EdTech, a proper cybersecurity regime must be made a pivotal aspect of all EdTech companies.