Security in K-12 Education - dellemcevents.com · Netwrix Survey of Educational Institutions are not Prepared for IT Risks. 44% Cisco’s 2017 Annual Cybersecurity Report of security

Security in

K-12 EducationMike Zyskowski, Security Engineer

Secureworks | A Dell Technologies Company

JR Balaji “JRB”, Product Marketing Leader

Dell Data Security

ISTE 2018

2

Classification: //Secureworks/Confidential - Limited External Distribution:

Opening Question

• What Breaches in the last year

really hit home for you?

• Why?

• How did it impact you/your

organization?

• What changes have you made in

your environment because of this

breach?

3


Ripped from the headlines …

77%

Netwrix Survey

of Educational Institutions are not Prepared for IT Risks.

44%

Cisco’s 2017 Annual Cybersecurity Report

of security alerts go uninvestigated, increasing the likelihood that a costly breach will go undetected for months.

NSA calls for cyber security community collaboration Education Data Breaches Double in First Half of 2017

$245

Netwrix Survey

Average per capita cost for each compromised record at U.S. Educational Institutions is $245.

4


Ripped from the headlines …

5


Breakdown of Threat Classes

0% 20% 40% 60% 80% 100%

Hacktivist

Insider

Nation State

Cybercriminal

6%

9%

84%

1%

Ransomware BECBanking

Trojan

POS

Other

6


700+ IR ENGAGEMENTS

Observations

38%

31%

10%

8%

7%

Phishing

Scan and Exploit

Insider Access

Credentials

Web Exploit

7


The balancing act

PreventionDetection & Response

Case Study

9


Real-World Situation:

The Need to Prevent threatsK 12 schools in the US are experiencing

increasing levels of malware and

ransomware attacks causing constant

downtime, and impeding productivity

Security concerns:

• Signature AV is slow and reactive

• Protecting data and preventing threats

is the priority.

• Needed a comprehensive solution that

helps protect data and prevent threats

on a variety of devices

• Need easy management of 100’s of

systems through a single pane of glass

• Web protection and content filtering

What would you

do?

10


Password District Data Breach Exercise

11


Be Prepared for the

Unexpected!

11

12


Background

• Your school district has 7,000 students.

• Your district provides centralized IT

services and support for K12 schools as

well as access to a centrally managed

Student Information System (SIS).

12

13


Background (cont.)

• The new SIS allows administrators, faculty, and other

users to log in through the browser and upload grades,

attendance data, and assessment data.

• The new system has only been implemented in a few test

locations in the district.

13

14


Scenario

• Yesterday, a teacher notified the district IT manager that

some course grades have been changed in the system.

All the students in one course had their grades changed

to reflect much better scores than they actually earned.

• Initial investigation shows that someone logged on using

the teacher’s login information and manually changed the

grades.

14

15


Scenario

• Additionally, the logs indicate that several reports were

also downloaded from other systems, including some that

contained private information (like SSN) about the

school’s employees.

• Logs indicate that the login occurred from the school’s

Wi-Fi network after school hours.

• Reports have surfaced about students offering to change

additional grades for money. No names have yet been

revealed.

15

16


Scenario

• Two juniors are rumored to be the culprits.

› When questioned, they admit that they located a sticky note

with a teacher’s username and password, which they used to

log in to change the grades.

• Students said that they also accessed some other school

systems, including a database of employees that listed

names, addresses, SSNs, employee ID numbers, etc.

16

17


Password District Data Breach Exercise

1. Gather with your team.

2. Go over the scenario carefully. What do you know?

What don’t you know?

3. Begin building your response. Select a team member to

take notes.

17

18


Questions?

18

19


Password District Data Breach Exercise19

10 Minutes

20


Where Are We?

• Do you have a basic response plan?

• Can you make any concrete conclusions?

• Will the fact that the breach includes SSNs change the

way you respond?

• Think about what controls you could put in place to avoid

a scenario like this.

• What other information would be useful?

20

21


Wrap-up

• Incident Response Plans – what might

work for us?

• What have you learned? Will it affect your

behavior?

• How could this exercise be more useful to

you?

21

What’s the takeaway?

23


ORGANIZATIONS

Protect Your Assets

• Remove Local Administrator rights

for users

• Back up all data

• Increase visibility and control for the

endpoint and network with advanced

malware protection solutions

• Segment sensitive data on the

network and closely monitor choke

points

• Mandate the use of multi-factor

authentication

24


INDIVIDUALS

Protect Your Assets

• Use multi-factor authentication on

your accounts.

• Avoid clicking on links or

attachments within emails

• Make sure you have your security

protections in place. Software patch

management is key.

• Be cautious about installing

software

• Monitor your credit and accounts

25


DATA PROTECTION

Balancing Cybersecurity and Data Privacy in Education

• Need to Protect data amassed from various sources: for registration, on-going

communication with parents, student data and more.

• How are you evaluating data protection?

– Formal frameworks like NIST & Gartner or creating customized solutions

– What types of data do you need to secure?› Data at rest (encryption) .vs. Data in motion .vs. Data in use

› Lock down data .vs. Secure ways to improve collaboration

• What specific areas are you focusing on & where are you seeing the gaps?

– Describe your IT topography - PCs, Mac’s, Chrome etc..

– What are your technology considerations based on the above

26


Multi-ecosystem support

Protecting data at rest

Flexible and granular encryption options

Choice that fits your security posture

Industry's first dual layer encryption

27


Protecting data – existing approach

Documents shared with partners

Documents provided to temporary employees

Employees use cloud shard moving to personal devices using public WiFi

Data Loss Prevention creates a “wall” around the network to prevent data from escaping the protected education network.

But data WILL escape…

28


Real-World Situation

Required to share information outside the

immediate school district

Ms. Davis, a middle school principal needs to

collaborate with other schools in the district, state and

federal agencies as well as third party consultants to

develop an ‘integrated data system’ to improve policy,

service delivery, and program evaluations.

This involves sharing files with parties outside of the

school.

Security concerns:

• The principal is concerned about multiple parties

having access to the data.

• She is also concerned about confidential data

still being accessed by third parties post the project.

• She want to know where all the data is and what

is being done with them

What would you

do?

PROTECT

29


Protectdata wherever it goes

• Most file types

• 256 bit encryption

• Non-domain protection

• Multi-ecosystem support

Protecting data on the move

Controlaccess to who and when

• Time-based access limits

Monitordata activity and location

• Digital watermark

30


The Data In Motion experience

Encrypt data at rest and on

the move

Control collaborator’s

access and interaction with

the file

Detailed information on file usage provides actionable

insights

You send a file to

a collaborator.

Protect

your data wherever it goes.

Controlwho can access your data.

Monitordata activity and location.

ENGAGEyour Dell EMC

representative to schedule

a deeper conversation with

an Education or IT

specialist.

CONNECTWith a school that Dell

has supported through

their transformation.

LEARNmore about Education

Transformation solutions

and services at

DellEMC.com/K12

Join the conversation @DellEMCedu

Find session resource materials after 6/27:

WWW.DELLEMC.COM/ISTE2018