IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

An Ed Tech Leader's Guide to Understanding Cybersecurity Threats

What IT leaders need to know about their attackers and methods.

SACRAMENTO, Calif. — Education institutions have been prime targets for cyberattacks along with other industry sectors, but it's not always easy for small IT teams to keep up with the threat landscape. Cybersecurity experts laid out who's behind the attacks, what motivates them and how they're attacking at the annual California Educational Technology Professionals Association conference this month.

School districts are prime targets because they hold onto young data from children, including addresses, Social Security numbers and health records, said Erin Dayton, senior program specialist at the Multi-State Information Sharing and Analysis Center (MS-ISAC) at the nonprofit Center for Internet Security. They often don't have enough IT staff resources, run out-of-date software and operate in open environments, which make them easy pickings for attackers.

Universities also store valuable information of not only students, but their parents, applicants, season ticket holders, alumni and employees. Attacks on higher education institutions can lead to valuable financial data and intellectual property, said Christopher Thomas, special agent in the cybersecurity unit at the FBI.

Who the attackers are

Nation-states and organized cybercriminals are two of the main types of attackers that wreak the most havoc. In phishing attacks alone, 89 percent of those attackers came from organized crime syndicates, while 9 percent came from state-affiliated actors in 2015, according to Verizon's 2016 Data Breach Investigations Report

Hacktivists can also do damage, but represent a small threat in comparison to the other two.  

"It's like a gnat that's in your presence that you're constantly trying to get out,"  Dayton said.

Insiders pose far less of a threat, and for the most part, they tend to make mistakes rather than taking revenge, Dayton said. 

Why they attack

The Verizon report found that attackers in 89 percent of data breaches last year had financial or espionage motives, with financial motives being the most prominent by far in more than three-quarters of breaches. Other motives for nation-states could include political leverage, intellectual capital, competitive insights and cyberwarfare, Dayton said. 

As for hacktivists, they're all about advancing their own agenda on social, political or ideological issues. They take advantage of opportunities and target specific victims to make their point, Dayton said.

Insiders who knowingly attack their organizations could be motivated by revenge, power and control, among other things, she said.  

How they attack

Hacking and malware easily made up the top two attack strategies last year according to the data breach report. But social attacks including phishing have also seen a lot of success. Phishing involves sending deceptive emails with malicious attachments or links to users.

The data breach report pulled together more than 8 million results of sanctioned phishing tests last year that security awareness vendors used to see how users would respond. About 30 percent of them opened the email, with 12 percent actually clicking on the attachment or link.

This year, education institutions are seeing quite a few phishing attacks and ransomware attacks, which result in encrypting victim files so administrators can't access them and asking for a ransom. Attackers are also exploiting open printers and unpatched or out-of-date software, Dayton said. Some other methods include attacking with brute force, injecting malicious SQL statements to attack websites and SQL databases; and overwhelming websites with traffic in distributed denial of service attacks.

Cybersecurity continues to be a major issue for organizations in every industry, and every education institution could be attacked at any time. That's why it's important to take recommended security steps to make it harder for attackers to succeed.

"If you have a device that's connected to the Internet," Dayton said, "you are a target."