Why Does the Education Sector Need Cyber Crisis Tabletop Exercises?

If you so much as glance at our monthly compilation of cyber attacks, ransomware attacks and data breaches, you’ll note one overwhelming fact. There’s one industry that’s never missing from the list of those targeted by cyber crime. And that’s the education sector.  

This fact pretty much answers the question we ask in the title – Why do Educational Institutions need Cyber Attack Tabletop Exercises?

But the question certainly calls for a more in-depth look at the urgency of cyber drills and enhanced cyber protection for educational institutions. And that’s exactly what we’re going to do through this blog. We’ll also show you how to conduct effective cyber drills for your institution.

Additionally, you’ll find an exhaustive compilation of recent cyber attacks on Educational Institutions at the end of this blog. This list is meant to offer you a refreshed perspective on just how rampant cyber crime in the domain of education really is. It also offers a retrospective glance at the tactics and techniques of threat actors who regularly target this sector.

Further, understanding recent attacks in your industry can give you a good idea of the Incident Response strategies employed by your peers. You can then evaluate, with your team, what you thought worked well and what could have been done differently. The sum of these lessons learned can then be leveraged to improve, review and refresh your own cyber incident response plans.

What Makes the Education Sector a Prime Target for Cyber Crime? 

Before we delve into the best ways to curate effective Cyber Tabletop Exercises for the Education Sector, let’s look at what makes this industry such an attractive target for cyber criminals. 

There’s a host of reasons why everyone from rookie hackers to expert ransomware gangs continues to attack schools, universities and other educational institutions. In our opinion, these are the three main ones:

  • Wealth of Data: If it’s sensitive information a hacker is after, there’s tonnes of it in an educational institution. From personal data of students, alumni and staff to financial records of payments made by parents and health information on allergies and medications, schools and colleges often hold vast troves of information that can be exploited.

    Apart from the shock value of leaking sensitive data of children and minors (which cyber criminals love), this data can also be used for financial fraud, identity theft and many similar malicious activities. 

    Institutions of learning also offer cyber criminals a large attack surface, especially since the COVID-19 pandemic. The extensive use of online learning platforms, remote access tools and personal devices for school work increases the number of entry points for attackers into an educational institute’s network.

  • Low-hanging fruit: This is an unfortunate, general truth about the education sector – cybersecurity awareness and sophisticated security measures are in short supply. Most educational institutions will typically have lower budgets for IT infrastructure and cybersecurity controls compared with large government bodies or multinational organisations. This makes it much easier for cyber criminals to breach defences, infiltrate their systems and compromise data.

    The high user turnover at educational institutions makes matters worse. With students graduating each year, new ones taking their places and a significant churn in teaching staff too, it’s difficult to keep tight control over security protocols.

  • Disruption and Theft of Intellectual Property: As we said before, hackers love drama. A cyber attack at an academic institution leads to significant disruption and chaos. Classes can be disrupted, research work may be brought to a halt and important events may have to be cancelled.

    Such disruptions often put pressure on the institution of learning to negotiate with the attacker. Intellectual property theft is often one of the most compelling reasons for attacking universities and specialised learning institutions. Advanced educational facilities will often have students working on cutting-edge technologies and confidential research projects.

    Cybercriminals, including state-sponsored actors, may target these institutions to steal research data or intellectual property for competitive or geopolitical advantages.

Given the above reasons, it’s clear that institutions of learning can be very lucrative and easy-to-breach targets for cyber attackers. And this is precisely why entities in this sector require regular Cyber Attack Tabletop Exercises.

Tailoring Cyber Attack Tabletop Exercises for the Education Sector 

Cyber Crisis Tabletop Exercises have to be sector-specific and extremely relevant no matter the industry. However, for the education sector, the cyber drill must be even more nuanced.  

One has to keep in mind that the data that may be exposed in a cyber attack in this industry can be highly sensitive as it will belong to minors in many cases. Further, attacks on institutions of learning can disrupt classes, teaching and research, directly impacting the academic and even career progression of many students. 

The Cyber Tabletop Exercise has to take into consideration the fact that many people in charge of responding to the attack or managing crisis communications may be entirely non-technical. Therefore, the cyber drill scenario must speak to them and elicit the right responses.

Collaboration is key for any cyber exercise but particularly so for one in the education space. When done correctly, cyber tabletop exercises can massively improve communication and coordination among different departments and stakeholders during a cyber incident. This collaboration is critical for an effective and timely response to cyber threats. 

Such collaboration also results in a better cybersecurity culture for the entire institution. Once teachers and administrators understand the current cyber threat landscape and enforce better cybersecurity practices, the effect trickles down to all students using institutional or personal devices. 

In the next section, we look at some of the top Cyber Crisis Tabletop Exercise Scenarios that educational institutions must focus on. 

Cyber Tabletop Exercise Scenarios for the Education Sector

The key to a successful Cyber Attack Tabletop Exercise is the scenario it is based on. The scenario must be curated specifically for your business and industry. 

In the case of Cyber Drills for the Education sector, here are a couple of scenarios we always recommend our clients rehearse. These cyber attack scenarios are not only relevant for academic institutions but are also the ones that occur most commonly in this sector based on historical data. 

  • Phishing Campaign: Very often, an attack on a school or university begins with a phishing email. As we discussed earlier, cybersecurity awareness levels can often be lower in this industry. Therefore, an unsuspecting member of the staff, or even a student, might click on a suspicious email attachment or link. This can jeopardise the entire institution’s network. A phishing campaign can also compromise user credentials or unsecured passwords.

    While rehearsing this scenario, make sure there is adequate discussion about cybersecurity hygiene and the importance of using 2FA and strong passwords. 

  • Ransomware Attack: Simulating a ransomware attack would typically involve critical data being encrypted. This would be followed by the attacker demanding payment for decryption. A ransomware attack can also bring the online systems of the institution to a halt, potentially disrupting teaching, research work, administrative tasks etc. 

    Focus on how your educational institution will deal with this disruption while simultaneously containing the situation. Who will lead communication with stakeholders, parents and students? And always remember, it’s never ever recommended to negotiate with ransomware attackers. There’s no honour amongst thieves in the world of cyber crime.   

  • Data Breach: A data breach scenario is straightforward – sensitive student and staff information is compromised. Now you need to practise identifying the breach and notifying affected individuals and the appropriate authorities. It is also imperative to deliberate over measures that can be implemented at your institution to prevent such incidents from actually occurring.

Author

dareywealth