Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
Discover the latest in cybersecurity education, training programs, courses, and certifications to secure digital environments effectively.
Search across headline titles and summaries.
Background for this topic.
Education comprises schools, colleges, universities, training providers, and the systems supporting teaching, assessment, administration, and research. Its distinctive assets include student and staff records, attendance and grades, learning materials, research data, payment information, and sometimes sensitive information about children or vulnerable people. Core dependencies include identity systems, email, learning platforms, campus networks, cloud services, online examination tools, and third-party platforms; disruption can affect teaching, assessment, safeguarding, or essential administration.
Security priorities include tightly scoped access for students, staff, contractors, and researchers; strong authentication; timely patching of internet-facing and classroom-managed devices; and careful control of data shared with service providers. Privacy requirements make retention, access logging, and protection of educational and research records material. Because education operates on fixed academic schedules and often has limited recovery windows, tested backups, offline or segregated recovery copies, and rehearsed procedures for isolating accounts or systems can support continuity. Vulnerability management should account for legacy devices and decentralized departmental technology, while incident response plans should preserve evidence and provide clear communications to affected communities.
Weekly headline count for the current query.
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges they pose for schools are the focus of the latest Reporters' Notebook video series.
ShinyHunters' attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors.
The UC Berkeley Center for Long-Term Cybersecurity (CLTC) offers tools and support to schools, local governments, and non-profits as they defend themselves against a growing volume of cyberattacks.
A phishing campaign targeting healthcare, government, hospitality, and education sectors in various countries uses several evasion techniques to avoid detection.
Colonel Georgeo Xavier Pulikkathara, CISO at iMerit discusses the importance of fundamentals, continuous learning, and human ingenuity in the face of AI-driven cybersecurity evolution.
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multi-factor authentication.
A state-sponsored threat group tracked as "Kimsuky" sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions.
What happens to all of those always-connected devices when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.
What happens to all of those always-connected devices and Internet of Things when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.
A high school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders.
Iran's top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game.
Researcher Gjoko Krstic’s "Project Brainfog" exposed hundreds of zero-day vulnerabilities in building-automation systems still running hospitals, schools, and offices worldwide.
A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked.
Myke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership.
The threats may not be malicious, but they are more than many security teams can handle.
The initiative will be tailored to students and their growth in cybersecurity preparedness.
Quick recovery relies on three security measures.
The education sector is haunted by a significant fraud problem where fake students impersonate celebrities and employ other identity techniques to steal resources and money from legitimate students.
An ongoing phishing campaign is using fake versions of the department's G5 grant portal, taking advantage of political turmoil associated with the DoE's 1,400 layoffs.