What to expect in 2021 for cybersecurity in education

Organisations will need better, more creative ways to build up cyber trust, says Otavio Freire, CTO of SafeGuard Cyber

This year will likely be recorded as one of the most challenging in the history of the education sector. However, it’s worth examining what lessons we can glean as we progress through 2021.  

At SafeGuard Cyber, we canvassed our expert board of advisors for security predictions ahead of this year. We asked for their views on how approaches to technology and digital transformation should and could evolve. Javvad Malik, security awareness advocate at KnowBe4, said the following:

“In 2021, the default position for most organisations will be full paranoia. Can you trust your email? Your social media feed? Your politicians? Your customers? Your employees? Your corporate devices? The answer will be a resounding no. So, organisations will have to come up with better and more creative ways of working out trust. This is an issue that extends beyond technology and very much into the human world.”

In truth, Javvad’s prediction already has a ring of truth. The education sector is right to feel paranoid. Between July and September, the sector endured a 20% rise in cyberattacks, with ransomware being the primary threat. 

The education sector has responded to these unprecedented disruptions; according to TechCrunch, funding rounds in the edtech space have increased by around a third in the second half of 2020, reaching a total of US$6.40bn since the mid-year point. The best technologies will be those that resonate with Javaad’s prediction, and put trust at the heart of how they manage both technology and staff.

The cybersecurity lessons of 2020

Before COVID-19, tech in education was seen as a facilitator of existing systems. It was regarded as a set of tools empowering institutions to:

  • exchange information faster
  • make lessons more interactive
  • build digital literacy

A great example is gamification, which research has shown can be a powerful tool for engaging and motivating students, and which many institutions have embraced. Smart boards have also become indispensable tools for delivering a dynamic learning experience. And even simpler hardware, like tablets and document cameras, have proven very useful in enhancing student learning.

However, powerful as these tools were, they were always add-ons. They always augmented the central system.

In 2020, technologies like these became the system itself. Following the sudden shift to virtual learning, these technologies were transformed overnight into critical infrastructure. Without these tools, the basic task of delivering lessons was not possible.

Unfortunately, while we learnt that these tools were powerful in a remote environment, we also saw that they were far from secure. 

Our Digital Risk Survey 2020 revealed that senior IT and security professionals rated internal collaboration platforms like Slack and Microsoft Teams as the technology stacks presenting the most risk. Many, many schools were forced to use cloud collaboration tools to shift their operations online. The outcomes often weren’t good.

From students DDoSing their own school systems to escape class, to surges in ransomware attacks, the entire education infrastructure became a target – and proved to be very vulnerable. Many educational tools themselves expanded the threat surface of virtual education, as third-party edtech firms failed to secure data inside their platforms.

In short, 2020 created major paranoia in the education sector, because it wasn’t clear if anything or anyone could be trusted to deliver true security in the digital classroom. Edtech kept the classroom populated, but in many cases it left the doors unlocked.

How can edtech deliver a more secure 2021?

In 2021, educational institutions will need to keep operating the digital classroom. To be more secure than they were in 2020, school systems will need to overhaul their thinking in two areas: network systems and student wellbeing.

Securing network systems

In an interview on the Zero Hour podcast, K-12 security expert Frosty Walker revealed that, in online black markets, student data fetches a high price, noting, “The reason for this is, if you or I had our identity stolen, we would recognise that in a couple of months, at the most.” Mr. Walker continued, “But a student, say a second grader, potentially is not going to ever know that their ID has been stolen and used, until they turn 16 or 18 and get a job, or until they go to college. It’s a much longer time to utilise that data, so that makes that data much more valuable.”

It’s a scary thought – including for the institution that failed to secure their network and protect the student. In years to come, we could see a slew of damaging retrospective civil or criminal lawsuits emerge. 

Ransomware presents another serious threat. This year, ransomware attackers have seen how easy it is to break into educational networks. They mounted countless attacks, and many of the victims paid up. As a result, the economic incentive is high for attackers to strike again. Again, this introduces a serious liability issue. Civil lawsuits from teachers, families, and unions will pile on top of ransomware costs.

Expect 2021 to be the year when wiser local governments and educational institutions realise the following: prevention is cheaper than cure.

We can expect to see more petitioning from localities for federal funds to install cybersecurity measures or hire security-specific staff. Moreover, putting smarter controls in place will become a priority. Institutions will opt for secure application portals rather than tools that operate on the basis of network access. 

As part of the boom in edtech funding, we should hope there are many solutions that will provide institutions with: 

  • total visibility across their threat surfaces
  • automated powers of detection 
  • blocking of malicious payloads and data exfiltration

Maintaining student wellbeing

Though less directly related to security, this is another crucial issue. We’re a long way from being back to a pre-pandemic way of life. There are likely to be intermittent viral waves, and shifts in and out of lockdown. The full vaccination of populaces will take months or years.

As a result, students and teachers will continue to operate under incredible strain. They will continue to endure stress and burnout. The pandemic has been hard on everyone, but it’s been especially hard on students. 

Empathetic and progressive institutions will want to do everything they can to mitigate the impact of this psychological pressure by maximising student wellbeing. For example, they will strive to minimise cyberbullying. This will require getting a better handle on their digital infrastructure. 

For example, one of our K-12 customers monitors chats and conversations in their Microsoft Teams instance, and found:

  • 1,989 instances of inappropriate conduct (includes cyberbullying and digital harassment)
  • 180 mentions of violent activity
  • and 74 references to drug use.

This was in just 10 days of real-time scanning. 

Increasingly, smart institutions will realise that they can’t afford a lack of visibility into the digital experience of their students. They will acknowledge wellbeing as a key issue in the virtual classroom, and recruit tools that allow them to monitor for signs of cyberbullying, self-harm and other risks. 

For anyone associated with the education sector, it’s been a tough year. But learn the right lessons, and everyone can feel like they have a lot more control during 2021. They key will be to recruit the edtech tools that give you trust:

  • Trust in the security of the virtual classroom
  • Trust that your cloud channels are being properly monitored
  • Trust that student wellbeing is being prioritised

Gain this trust, and everything else will be easier. Here’s to a better year.


You might also like: Education that meets the needs of the ‘new normal’


 

Leave a Reply

UPCOMING LIVE WEBINAR

Better data for better education

Thursday July 8 11AM (BST)