Security in K-12 Education
Mike Zyskowski, Security Engineer
Secureworks | A Dell Technologies Company
JR Balaji “JRB”, Product Marketing Leader
Dell Data Security
ISTE 2018
Classification: //Secureworks/Confidential - Limited External Distribution:
Opening Question
• What breaches in the last year really hit home for you?
• Why?
• How did it impact you/your organization?
• What changes have you made in your environment because of this breach?
Ripped from the headlines …
• 77% of Educational Institutions are not Prepared for IT Risks. (Netwrix Survey)
• 44% of security alerts go uninvestigated, increasing the likelihood that a costly breach will go undetected for months. (Cisco’s 2017 Annual Cybersecurity Report)
• Average per capita cost for each compromised record at U.S. Educational Institutions is $245. (Netwrix Survey)
• Headline: NSA calls for cyber security community collaboration
• Headline: Education Data Breaches Double in First Half of 2017
Breakdown of Threat Classes
[Chart: threat classes shown on a 0% to 100% axis. Classes as listed: Hacktivist, Insider, Nation State, Cybercriminal. Data labels as listed: 6%, 9%, 84%, 1%. Legend: Ransomware, BEC, Banking Trojan, POS, Other.]
700+ IR ENGAGEMENTS
Observations
[Chart: data labels as listed: 38%, 31%, 10%, 8%, 7%. Categories as listed: Phishing, Scan and Exploit, Insider Access, Credentials, Web Exploit.]
The balancing act
Prevention
Detection & Response
Real-World Situation: The Need to Prevent Threats
K-12 schools in the US are experiencing increasing levels of malware and ransomware attacks, causing constant downtime and impeding productivity.
Security concerns:
• Signature AV is slow and reactive
• Protecting data and preventing threats is the priority
• Needed a comprehensive solution that helps protect data and prevent threats on a variety of devices
• Need easy management of 100s of systems through a single pane of glass
• Web protection and content filtering
What would you do?
Password District Data Breach Exercise
Be Prepared for the Unexpected!
Background
• Your school district has 7,000 students.
• Your district provides centralized IT services and support for K12 schools as well as access to a centrally managed Student Information System (SIS).
Background (cont.)
• The new SIS allows administrators, faculty, and other users to log in through the browser and upload grades, attendance data, and assessment data.
• The new system has only been implemented in a few test locations in the district.
Scenario
• Yesterday, a teacher notified the district IT manager that some course grades have been changed in the system. All the students in one course had their grades changed to reflect much better scores than they actually earned.
• Initial investigation shows that someone logged on using the teacher’s login information and manually changed the grades.
Scenario
• Additionally, the logs indicate that several reports were also downloaded from other systems, including some that contained private information (like SSN) about the school’s employees.
• Logs indicate that the login occurred from the school’s Wi-Fi network after school hours.
• Reports have surfaced about students offering to change additional grades for money. No names have yet been revealed.
Scenario
• Two juniors are rumored to be the culprits.
› When questioned, they admit that they located a sticky note with a teacher’s username and password, which they used to log in to change the grades.
• Students said that they also accessed some other school systems, including a database of employees that listed names, addresses, SSNs, employee ID numbers, etc.
Password District Data Breach Exercise
1. Gather with your team.
2. Go over the scenario carefully. What do you know? What don’t you know?
3. Begin building your response. Select a team member to take notes.
Password District Data Breach Exercise
10 Minutes
Where Are We?
• Do you have a basic response plan?
• Can you make any concrete conclusions?
• Will the fact that the breach includes SSNs change the way you respond?
• Think about what controls you could put in place to avoid a scenario like this.
• What other information would be useful?
Wrap-up
• Incident Response Plans – what might work for us?
• What have you learned? Will it affect your behavior?
• How could this exercise be more useful to you?
ORGANIZATIONS
Protect Your Assets
• Remove Local Administrator rights for users
• Back up all data
• Increase visibility and control for the endpoint and network with advanced malware protection solutions
• Segment sensitive data on the network and closely monitor choke points
• Mandate the use of multi-factor authentication
INDIVIDUALS
Protect Your Assets
• Use multi-factor authentication on your accounts.
• Avoid clicking on links or attachments within emails
• Make sure you have your security protections in place. Software patch management is key.
• Be cautious about installing software
• Monitor your credit and accounts
DATA PROTECTION
Balancing Cybersecurity and Data Privacy in Education
• Need to protect data amassed from various sources: for registration, ongoing communication with parents, student data and more.
• How are you evaluating data protection?
– Formal frameworks like NIST & Gartner or creating customized solutions
– What types of data do you need to secure?
› Data at rest (encryption) vs. data in motion vs. data in use
› Lock down data vs. secure ways to improve collaboration
• What specific areas are you focusing on, and where are you seeing the gaps?
– Describe your IT topography: PCs, Macs, Chrome, etc.
– What are your technology considerations based on the above?
Multi-ecosystem support
Protecting data at rest
Flexible and granular encryption options
Choice that fits your security posture
Industry's first dual layer encryption
Protecting data – existing approach
Documents shared with partners
Documents provided to temporary employees
Employees use cloud shard moving to personal devices using public WiFi
Data Loss Prevention creates a “wall” around the network to prevent data from escaping the protected education network.
But data WILL escape…
Real-World Situation
Required to share information outside the immediate school district
Ms. Davis, a middle school principal, needs to collaborate with other schools in the district, state and federal agencies, as well as third-party consultants to develop an ‘integrated data system’ to improve policy, service delivery, and program evaluations.
This involves sharing files with parties outside of the school.
Security concerns:
• The principal is concerned about multiple parties having access to the data.
• She is also concerned about confidential data still being accessed by third parties after the project ends.
• She wants to know where all the data is and what is being done with it.
What would you do?
PROTECT
Protecting data on the move
Protect data wherever it goes
• Most file types
• 256 bit encryption
• Non-domain protection
• Multi-ecosystem support
Control access to who and when
• Time-based access limits
Monitor data activity and location
• Digital watermark
The Data In Motion experience
You send a file to a collaborator.
• Protect your data wherever it goes: encrypt data at rest and on the move.
• Control who can access your data: control collaborator’s access and interaction with the file.
• Monitor data activity and location: detailed information on file usage provides actionable insights.
ENGAGE your Dell EMC representative to schedule a deeper conversation with an Education or IT specialist.
CONNECT with a school that Dell has supported through their transformation.
LEARN more about Education Transformation solutions and services at DellEMC.com/K12
Join the conversation @DellEMCedu
Find session resource materials after 6/27: WWW.DELLEMC.COM/ISTE2018