This is guest post written by Hack Secure's Matt Lynch, a recent graduate of Bentley University. Check out his perspective on how educational institutions can do a better job preparing their students for the very real cyber threats they face.
While at school, there is one thing I had always felt, safe. The campus had its own Police Department and emergency crews were no more than a few minutes away at any given time, a fact that was tested several times given the number of new cooks. However, looking back after my time working within the cybersecurity industry, I feel I may not have been as safe as I had thought. While they may have been doing everything they could to physically protect, I was left vulnerable online. Cybercrime is an ever-present threat to today's society, and schools are the new target that cybercriminals are exploiting.
Hackers are getting smarter every day, developing new methods and techniques to break into systems undetected. As companies begin to view cybercrime as the threat that it is, they realize that their old endpoint protection from software like McAfee, Sophos, Norton, and others just does not cut it anymore. They are now beginning to look towards scaling their security at the same rate that the hackers develop their new tricks. They are doing this through software developed by the likes of Carbon Black, CrowdStrike, and Cylance.
Schools, on the other hand, continue to use antiquated software every day. Even a smaller university with a few thousand students and a couple of hundred faculty members has potentially tens thousands of unsecured endpoints at any given moment. Most schools will provide a computer for each student and faculty member with Sophos, McAfee or Norton pre-downloaded on it as its default anti-virus protection. Students and faculty alike will also often bring their personal computers, tablets, and phones with them, all of which are connected to the school's network. Being that the user of most of these devices is most likely a young adult between the ages of 18 and 22, it is not crazy to assume that they may be used to enter some less than legitimate sites to stream Game of Thrones or watch a basketball game. These sites often pose a high risk of containing malware, which is not always detected by over the counter security products. This type of attacks is one of the passive ways that hackers can get into the system because the school's endpoints have either the minimum protection or even no protection at all.
It is now time for schools to realize that they are in fact a business and that they need to act like it. All schools hold mountains of valuable information to hackers. They have records of all of their customers' and employees' social security numbers, bank accounts, credit cards, and addresses. If a hacker were to hack a school, all of the students, their parents, and the faculty would be at risk of identity fraud, credit card fraud, and several other crimes. By switching over to more modern tactics of endpoint security, schools will be less vulnerable to attacks as it will limit the potential of future attacks by making it more difficult for the infiltrator to break into the network in the first place, and detect it faster if a breach does occur.
What companies like Carbon Black do is make it simple for large businesses such as schools to get high-quality, next-gen anti-virus software, by having it be one agent, one console, and cloud delivered. The next-gen antivirus will automatically detect ransomware, malware, and non-malware attacks on any of the endpoints connected to the network. The agent that is on the device will then send it through the cloud, to the console, which will be under the control of the head of cybersecurity. From there, they can decide to shut down the device remotely to prevent any harm from being done to the network.
If schools were to invest the money in next-gen cybersecurity detection products, then they will significantly decrease the likelihood of any cyber attack from happening at all, and reduce the potential risk from any attack that does occur; allowing them to worry about education first, and safety second.