Security Challenges in Education: The Growing Attack Surface

Delivering ICT resources in an educational environment comes with challenges that are unique to the education sector.

 In a market where attracting and retaining students, along with ensuring that those students achieve the best they can during their time at the establishment, Schools, colleges and universities are expected to deliver a more open and enriched experience. The use of ICT resources is ubiquitous in all aspects of a students’ education journey, both within and outside of the classroom environment delivering both educational and social needs. This presents a challenge to IT in ensuring that the environment delivers the correct educational experience that is also secure and reliable.

In a traditional educational environment there are a number of core areas that challenge that need for both security and flexibility:

  • eSafety – there is a duty of care within the educational environment to protect students in the use of ICT resources and the Internet. This includes Cyber Bullying, online grooming and radicalisation. Policies should already exist that detail the responsibilities either in an ICT policy and or the relevant Bullying and Prevent policies. However, systems should be deployed that assist in the monitoring of the use of ICT resources, while not infringing on the privacy of the students
  • IoT – The growth in connected “things” is increasing and an educational establishment is an environment where that growth is being seen at a much greater rate. Traditionally IoT would have seen elements of building management and security either running over the campus network or more frequently on a separate isolated network. However that is now changing as devices are connected to the campus network to assist in the delivery of the curriculum from connected machinery for mechanical engineering courses to sensors designed and developed by students as part of a degree course. One thing all these sensors have in common is the need to collect data and transmit it to something for control and analysis. Also, traditionally IoT devices cannot be controlled in the same way as normal IT systems, making them susceptible to compromise and used malicious attacks. Networks must be deployed that monitor these “things” and control how they operate
  • Device proliferation – Students own multiple devices and they expect to be able to use them wherever they are for both learning and personal use. This causes a challenge for IT. There is a need to ensure there is robust and secure WiFi for the expected number of devices, plus provide adequate protection for the users of these devices while not impacting the user experience

Because of the areas highlighted, along with traditional solutions delivered within the school/college/university via the Internet and on premise, the Attack Surface is growing exponentially. Security solutions must evolve to adapt to this changing environment and all points of entry to the network should be protected both from internal and external threats. Additionally policies and practices that dictate how IT is used, how it is monitored and what happens in the event of a breach need to be reviewed and tested regularly to ensure they are relevant.