How to Protect Distance Learning Against Cyber Threats

Terms such as distance learning, distance education, remote learning, cyber education, and others have become much more commonplace over the past year and a half, as the Covid-19 pandemic forced many school districts and institutions to change the way they provide services to students.

This shift to online learning has enabled many school districts to continue providing education for communities while keep students and faculty safe. But it has also introduced cyber security risks that IT and security decision makers in the education field need to address. And even with the Covid-19 vaccines and other measures helping to make in-school learning a reality again for many, it’s likely that some types of online learning will be around for a long time.

What is distance learning?

The concept of distance learning, also referred to as cyber education, remote learning, and other terms, is certainly not new. For example, community colleges and other institutions have been offering programs such as massive open online courses for students for some time. The pandemic has brought the concept to a whole new level of interest, however.

Distance learning is the education of students who are not physically present at a school. The concept typically involves online education, using the Internet as the means of connecting students to academic programs. A distance learning program can either be completely distance learning, or a combination of distance learning and traditional classroom instructions in a school.

The widespread available of the Internet and related technologies, as well as higher bandwidth networks, has enabled many of distance learning programs.

Distance learning solutions and technologies fall under two key categories of delivery modes, synchronous learning and asynchronous learning.

Synchronous learning requires that participants be virtually present at the same time in a virtual setting, and involves technologies such Web conferencing, videoconferencing, live streaming, instructional television, and others.

With asynchronous learning, students can access course materials whenever they want to, and are not required to meet at the same time. This involves technologies such as messages board forums, email, video and audio recordings, and others.

These methods can be used in combination within a distance learning program. Schools can also choose to combine classroom and distance learning. Indeed, as with the emerging hybrid work model where employees work part of the time at home and part in the corporate office, the future of education might be hybrid learning. With this model, stu

dents are in the classroom for part of their education and at home other times.

Security threats in distance learning

Distance learning, like remote work, presents security threats that schools and other organizations involved in education need to address. As with other sectors, one of the biggest reasons why the security risk level is high in education is because of how individuals are using technology. For example, teachers, students and others might be using insecure devices or networks in order to access learning resources.

Also, individuals often circumvent existing security controls such as virtual private networks (VPNs) to make it easier to access online materials. These shortcuts all come with risks that are not visible to the security team and present real threats to the individual and their data as well as that of the education provider.

Any process that requires users to access data or networks outside of the security team’s control presents risk. Using insecure networks makes it relatively easy for a bad actor with access to the same network to steal any data that is being transferred on the network, including credentials, personal information, etc.

In addition, users of online learning resources are at risk of being socially engineered and phished. Bad actors can leverage an individual’s position as a student or teacher to create content that looks legitimate and is of interest to the user, in order to trick the user into clicking on something they shouldn’t or inadvertently giving up credentials.

The increase of ransomware attacks on distance learning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that it has seen an increase in malicious activity with ransomware attacks against K-12 educational institutions.

“Malicious cyber actors are targeting school computer systems, slowing access, and rendering the systems inaccessible to basic functions, including remote learning,” CISA said. “In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.

A cyber security advisory on these threats, posted jointly by CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), noted that bad actors likely view schools as targets of opportunity.

“These issues will be particularly challenging for K-12 schools that face resource limitations,” the advisory said. The FBI, CISA, and MS-ISAC have received numerous reports of ransomware attacks against K-12 educational institutions. In these attacks, malicious cyber criminals target school computer systems, slowing access, and—in some instances—rendering the systems inaccessible for basic functions including distance learning.

“Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen—and threatened to leak—confidential student data to the public unless institutions pay a ransom,” the advisory noted.

Cyber actors are also causing disruptions to K-12 educational institutions, including third-party services supporting distance learning solutions, via distributed denial-of-service (DDoS) attacks that temporarily limit or prevent users from conducting daily operations, according to the organizations. They said malicious cyber actors are expected to continue seeking opportunities to exploit the evolving remote learning environment.

Risk mitigation strategies for distance education

One of the steps schools can take to address the growing security threats is to set or update cyber security policies and make sure they are being enforced. For instance, policies should dictate the right and wrong ways to use devices to connect to the distance learning program.

That includes using secure devices, VPNs, and whatever tools are available to ensure systems and data protection. In addition to policies, educational institutions should provide a service they ought to be particularly adept at: training. Faculty and staff should know how to recognize possible threats and how to address them, and that can be taught in training programs.

Security awareness is extremely important. Teachers and administrators should pass on information about security risks to students who are using the distance learning programs.

From a technology standpoint, schools should consider deploying Managed Detection and Response (MDR) for distance education solutions. These are outsourced cyber security services that are designed to protect an organizations data and systems on a continuous basis, even if threats get past common security controls and tools.

MDR services provide three important capabilities. One is 24/7 monitoring. Students working from home will often access data outside normal working hours. This makes it easy for bad actors with access to the network to go unnoticed, especially if the security team at the school is confined to normal working hours.

Another is advanced detection. MDR services use security analytics and proactive analysis operations such as cyber threat hunting to identify potential threats on a network far more effectively than a school can.

The final recommended step is the ability to respond to an attack to prevent impact. An MDR team will work with a customer to create and deploy response actions and countermeasures to stop attacks even after they gain access to the network.

Learn more about how to leverage MDR for modern security operations.