Review Of Cyber Threats on Educational Institutions

Review of cyber threats on Educational Institutions

Abstract. This paper addresses the issue of cyber threats to educational institu-tions in order to identify which means are used to respond to threats and to un-derstand the root causes of cyber-attacks on educational institutions.

Initially, a brief explanation is given about who cyber-attacks / threats are, how they spread and why they happen.

The risks that each institution may otherwise assume are addressed, as well as the requirements necessary to ensure the security of the institution.

The cyber-attacks / threats that occurred during 2002 through 2019.

Keywords: Educational Institutions, Cyber, Attacks, Threats, Risks, Security, Data

1 Introduction

In the society we live in today is remarkable the great connection that exists to elec-tronic devices and especially to the internet. The internet is a search engine in which there is a huge traffic of daily information and with this it becomes very relevant that there is also some kind of protection. "According to Nakura and Geus (2010), today most systems are distributed, leading many people and organizations to depend on the internet, it is a huge network of computers connected worldwide."[22]

Today we are moving rapidly into a technological world, with educational institu-tions also having to adapt to this new reality. The concept of cyber security is about protecting systems, networks and programs from digital attacks. These attacks aim to access, alter or destroy confidential information, extort money from users, etc.

In this paper we will look at some of these attacks within educational institutions. For a network administration team, implementing effective cyber-attack measures is particularly challenging today, as there are more devices than people, and attackers are becoming more invasive in their attack techniques. To take a successful approach to cybersecurity, it is necessary to have multiple layers of protection spread across the computers, networks, programs, or data that we want to keep safe. In an organization it is necessary that the Network Admin team do a good job in order to be able to create an effective defense against cyber-attacks.[1]

Typically, educational institutions are concerned about the safety of their students, and like all staff, if a cyber security framework is weak, this could put them at risk. Cybercrime is occurring more often in educational institutions and has caused damage

in all areas. We have an example at the University of Calgary in Canada, which alleg-edly paid € 18166.00 to hackers for malware and ended up causing disruptions and financial damage.[2]

In the second topic I will give an introduction on cyber-crime and how education is a target for cyber criminals. Following this line, the third topic is shown what are the challenges facing education, where it shows some tips on how we should protect our network in an educational institution. Concluding with some attacks between 2002 and 2019.[3]

2 Cyber-attacks and Why Education is a target

In modern society one of the themes that has some relevance has to do with infor-mation security / cybersecurity issues. The Institutions Education, especially schools, have a significant amount of information about students and about their parents, and there is a need for this information to be kept confidential and most importantly to be kept safe by the school. "In classrooms, high-speed Internet connections and the adop-tion of 1-to-1 computing and the Internet of Things make school networks an attractive target for hackers looking to create botnets."[22] In the classroom it is very important that the information given to the students is to be prepared with the necessary skills to be able to react to this type of attacks.

Phishing is the use of technological methods that lead the user to reveal personal and / or confidential data. Usually emails or messages are sent inducing the user to trust the source trying to access personal information.[2] This type of attack is the main threat faced by educational institutions.

The lack of awareness of staff or even students, who often have no training or knowledge on the subject and thus end up committing the system, thus provide open-ings for cyber criminals to enter the network. In order to be better prepared against this, there is a course, Citizen Cybersecurity, which the government has developed for eve-ryone.[2]

2.1 Cyber-Attacks

There are several types of cyber-attacks that are used in ways that undermine the security systems of the various institutions. These attacks are:

• DDoS Attack: the goal of a distributed denial-of-service (DDoS) attack is to overload the network. To carry out this type of attack requires several com-puters and the IP of our victim. Having these requirements established we start sending several requests to the same IP, which later the network will start to overload and consequently will go down.[4]

• Spoofing: an attacker will send out emails impersonating a trusted person or entity.[5]

• Sniffing: is the method used by hackers to control and evaluate network traf-fic.[5]

• Hijacking: is when a hacker interferes with communication between individ-uals by impersonating one of them. [5]

• Man-in-the-middle: occurs when attackers intercept digital communications between parties to read or alter them. Neither party knows about the intercep-tions, which the hacker can use for false authentications.[5]

• False authentication: Hackers can log in with digital communications infor-mation.[5]

• Password Cracking: Passwords that are easy to find, hackers just run a pro-gram to try basic passwords so they have access to secure areas.[5]

• Data Theft: is a way to illegally store or transfer any information that is pri-marily confidential. Nowadays this type of attack is considered increasingly serious.[2]

• Financial Gain: The financial gain is what has often called hackers because it is where they can make money in an "easy" way, but with this they are com-mitting an illegality. This type of attacks has affected large companies.[2]

2.2 Education and cyber-crimes

We must think about why educational institutions are the target of cyber-attacks, each institution needs to assess the risks they are taking and try to guard against

...