K–12 schools faced serious scrutiny in 2018 as security experts found education institutions had the weakest cybersecurity protections out of 17 vulnerable industries.
Moreover, while school districts are falling behind on their security plans, the cyber underworld is evolving and consolidating, according to the McAfee Labs 2019 Threats Predictions Report.
“We have witnessed greater collaboration among cybercriminals exploiting the underground market, which has allowed them to develop efficiencies in their products. Cybercriminals have been partnering in this way for years; in 2019 this market economy will only expand. The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before,” writes Raj Samani, chief scientist and McAfee fellow for advanced threat research, in an introduction accompanying the report.
So, what does 2019 have in store when it comes to cyberthreats? Here are three security concerns schools should turn their attention to quelling in the coming year.
1. Watch Out for AI Threats
Artificial intelligence has much to offer K–12 schools in terms of efficiency and automation of tedious tasks, but cybercriminals see opportunity in the technology as well, particularly when it comes to evasion techniques, which enable the criminals to avoid detection and circumvent security.
“We expect evasion techniques to begin leveraging artificial intelligence to automate target selection, or to check infected environments before deploying later stages and avoiding detection,” explain McAfee researchers in the 2019 Threat Predictions Report.
This AI-based malware will stack up on top of the already plentiful list of evasion techniques the cyber underground employs today, including new techniques spotted in 2018, such as botnets and cryptomining.
A possible antidote is AI-based and other next-generation cybersecurity tools, which are making use of emerging technology in order to detect and ward off increasingly sophisticated threats.
“With computing power increasing and with AI advancing, IT teams are going to be able to spot these attacks much faster than they have been historically,” Erich Kron, security advocate for KnowBe4, tells EdTech. “This advancement will help endpoint protection, email gateways, all of these vulnerable places where companies are working to deploy AI. It is really going to help make current protections more effective.”
2. Cloud Security Becomes Paramount to Keep Student Data Safe
As the adoption of cloud-based email and other applications takes off, cloud security will become an even larger concern in the new year, particularly because, according to McAfee, 21 percent of data stored in the cloud is sensitive. Bad actors search out, in particular, when cloud or credentials have been misconfigured.
“As workload migration accelerates to the public cloud, security risk professionals will need to get more actively involved in their DevOps team’s processes, so they can automate the application of governance and compliance controls,” explains Tim Jefferson, vice president of Public Cloud at Barracuda Networks. “It’s not about dictating what tools the team uses, but verifying that controls are being met and helping the builders build securely.”
Jefferson expects, as a result, to see more teams embracing automation that can help to “continuously monitor cloud security and remediate problems automatically.”
3. Keep an Eye on Voice-Controlled Digital Assistants
Voice-controlled digital assistants are entering homes and classrooms, revolutionizing how teachers and students interact. But, as with any new technology, they also represent a new threat vector.
“This opportunity to control a home’s or office’s devices will not go unnoticed by cybercriminals, who will engage in an altogether different type of writing in relation to the market winner, in the form of malicious code designed to attack not only IoT devices but also the digital assistants that are given so much license to talk to them,” McAfee researchers note in the report.
This ability to monitor and control infected Internet of Things devices, such as digital assistants, smartphones and routers, could literally invite bad actors in.
“Infected IoT devices will supply botnets, which can launch DDoS attacks, as well as steal personal data,” the McAfee researchers note. “The more sophisticated IoT malware will exploit voice-controlled digital assistants to hide its suspicious activities from users and home-network security software. Malicious activities such as opening doors and connecting to control servers could be triggered by user voice commands (“Play music” and “What is today’s weather?”). Soon we may hear infected IoT devices themselves exclaiming: “Assistant! Open the back door!””