Authored by Mike Wetherbee and Carol Hildebrand

As academic institutions plan the return to full-time classroom learning this fall, they must not lose sight of 2020’s spike in cyberattacks on educational services. As online learning triggered network expansion, cybercriminals quickly took advantage of the increased threat surface to launch a barrage of attacks on educational services.

This activity was seen not only at colleges and universities but also at the high school and middle school level. As the world leaned even more heavily on pandemic-era online learning, attackers naturally followed, and it looks as if the trend will continue. NETSCOUT data shows that attackers launched nearly 80 million assaults targeting educational institutions in the first half of 2021.

To make matters worse, attackers are not only increasing attack frequency but also are launching smaller, more complex attacks that are harder to detect. An attacker often will run multiple attack types in hard-to-predict patterns, which makes them even trickier to detect and defend against.

So how can schools combat these increased threats? They need to know what threats they are facing, what technology to invest in, and how to pay for it.

What threats are schools facing? Cybercriminals are taking advantage of the new threat surface outside of the core network created by online learning. These endpoints typically are connected to the network via virtual private network (VPN) or online SaaS-based services. Because of this, firewalls and VPNs increasingly are under the gun, reflecting the shift in student and teacher access driven by online learning. Furthermore, attackers now tend to launch smaller attacks to avoid being detected by volumetric alerts in cloud scrubbing centers. NETSCOUT data shows that only about 7 percent of all attacks clocked in above 1 Gbps during the first six months of 2021. 

What technology should they invest in? Because of the size and type of distributed denial-of-service (DDoS) attacks that an educational institution may encounter, combined with the complexity of each institution’s network, schools may well need to implement a variety of mitigation strategies and security postures. However, a smart first step is to invest in on-premises protection. This is a key shift for many schools, particularly K-12 organizations, because many did not make attractive targets in the past. Today, with the newly increased threat surface, it really comes down to when an attack will hit, not if it will happen. 

On-premises protection is needed because attackers now are able to launch attacks that slip by upstream protection. Application-layer attacks, smaller attacks, Transmission Control Protocol (TCP) floods, and attacks aimed at VPNs and firewalls all are designed to avoid triggering volumetric alerts. The threat to educational institutions is further amplified by the potential for compromised hosts within the network, ready to communicate with known command-and-control (C2C) infrastructures on the internet for further exploitation via malware. 

Industry experts agree that a multilayered DDoS defense strategy is the best overall mitigation approach. For education institutions in the current landscape, that means first protecting the network at the edge before augmenting that effort with additional layers of security outward.

How can they pay? The United States federal government offers several emergency-relief mechanisms that include funding for cybersecurity technology, including:

  • The Coronavirus Aid, Relief, and Economic Security (CARES) Act established the Education Stabilization Fund (ESF), which allocated $30.75 billion to the U.S. Department of Education.
  • The ESF is composed of three primary emergency relief funds: the Governor’s Emergency Education Relief Fund (GEERF), the Elementary and Secondary School Emergency Relief (ESSER) fund, and the Higher Education Emergency Relief Fund (HEERF).
  • Furthermore, the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA) provides an additional $81.9 billion to the ESF.
  • And finally, the U.S. Department of Education received more than $170 billion in new resources through the American Rescue Plan (ARP) to support ongoing state and institutional COVID-19 recovery efforts.

Although there was some initial confusion about whether these funds could be used for cybersecurity investments, a recent FAQ from the Department of Education offered confirmation, stating that “if a school, LEA, or State is improving cybersecurity to better meet educational and other needs of students related to preventing, preparing for, or responding to COVID-19, it may use ESSER or GEER funds.”

However, schools need to be aware that many of the funding programs require the awards to be allocated to the school systems by a set time. Once allocated to the educational institutions, the ESSER and GEERF programs have specified time frames for spending the money, whereas the HEERF program requires awards to be spent within a year of receipt.

Educational institutions at all levels will have to come to terms with DDoS and cyberattacks in a post-pandemic world that may never return to its former level of in-person learning. And even if it does return, increased reliance on cloud-based technology, applications, and services in the classroom and at home will make education a higher-value target for attacks. Fortunately, there are powerful solutions to help educational organizations protect their vital applications and services. But to take advantage of the available federal funding for cybersecurity investments, the time to act is now.

Learn how one university mitigates DDoS attacks 

Explore Cyber Threat Horizon for global DDoS statistics 

Learn more about NETSCOUT Arbor DDoS attack protection

  • DDoS
  • Enterprise
  • Security

Subscribe to Our Blog