Questions around cybersecurity will need to be answered anew this September by tech teams and channel partners working in education institutions, according to threat specialist Webroot.
“Even though the 2020 Back to School season may look very different from those in years past, there are a few things that will remain the same. It is often when parents and care givers stock up on new clothes, tech, and school supplies for students. It’s also when lots of stores (especially online retailers) run huge sales,” explains Justine Kurtz, blogging for Webroot.
Kurtz notes that “oldies but goodies” like phishing aren’t going away any time soon. Meanwhile, Webroot’s BrightCloud Real-Time Anti-Phishing service has indicated that targeting of global streaming services — such as Netflix or YouTube — is on the rise.
“In March 2020 alone, we saw the following increases in phishing URLs, broken out by service: Netflix – 525% increase, YouTube – 3,064% increase, Twitch – 337% increase, and HBO – 525% increase,” she writes.
The US-based Tech Times website reported in August that phishing in Netflix, YouTube, and other streaming platforms had surged some 600% during that country’s lockdown period.
And the education sector has been one of the most targeted industries of all, as Microsoft security intelligence has highlighted.
Up-to-date cybersecurity and threat approaches in schools are clearly essential, from backup strategies to software, solutions and services. But in addition, writes Webroot’s Kurtz, awareness among students, teachers and staff is also needed.
“Because many students will end up communicating mostly via online chat, text message (SMS), or social media, it’s important for us all to be extra-vigilant about what we click, what we download, and what information we transmit,” she writes.
Phishing, spoofed and fake sites, malware, Zoom-bombing (where videoconferencing platforms are invaded and disrupted), ransomware and data breach are all issues that should be secured against in schools as well as in businesses. Updates, patching and disabling content and macros will only go so far.
“Webroot threat researchers have seen videoconference executable files either faked or manipulated so that unwitting victims end up downloading malware,” adds Kurtz.
In the example of ransomware, exploit kits today can be purchased online like any other software and launched easily by wannabe hackers with little knowledge of coding, notes Thycotic CISO Terence Jackson in an article for SC Magazine. And it’s not only large enterprises at risk — Sophos has found that smaller organisations are also targeted with ransomware.