Posts Tagged: Radware

Guest Blog, Pascal Geenens: The rise in students hacking school databases…

Jack Wynn

You might be surprised at who is behind the most recent cases of cyber-attacks on schools. Would you guess that in many instances, it’s the students themselves? There are many reasons why students would want to launch an attack against their own school, and it’s actually becoming a larger problem across the globe with cases reported in the US, Japan, Australia and India.

Here are some of the top reasons why students have been launching attacks on schools:

It’s fun

Who wouldn’t be intrigued by the idea of trying to hack into their school, with all its records at their disposal? With many schools now electing to have students submit assignments digitally and take exams online, some would find it fun to shut down the system so they and their classmates won’t have to submit their work or take a test. Others may just want to play a joke by defacing the school website.

Revenge

In some cases, the reason for hacking is as simple as wanting to get back at the school for bestowing punishment upon the student. Disrupting normal operations, thinking they won’t get caught, holds an allure.

Changing grades

For those who are struggling with coursework or may have flunked an important exam or submitted a hastily put together dissertation, the temptation to hack lies in the ability to change their grades to more favourable ones. Not wanting to bring home a poor report is a key motivation in younger students. Students of all ages will see a hack as a way to avoid this.

To change attendance

For the truants out there, hacking provides a way for them to change their attendance records and erase the fact they did not attend school.

As a dare

We all like having bragging rights. For students, responding to a dare is often the way to do it. If they don’t, they face bullying and teasing from classmates over not succeeding.

So how do they do it? Most educational facilities have migrated to digital platforms, and these online portals are prime targets for attacks.

Technology is great and streamlines workflow, but presents a larger issue if knocked offline. If these portals go down, they prevent students from being able to perform many actions, like submitting their work. This is a huge issue with schools going digital. Schools are quick to incorporate the newest technology but often do not consider the risks.

One of the biggest security risks that school networks face is from their students and the devices they bring with them. Students bring a considerably large number of devices, ranging from personal computers and tablets to mobile phones and gaming consoles.

These devices often connect to the school’s network and open a huge range of vulnerabilities. The activities that some students engage in, such as online gaming, can also bring a risk of malware or even denial of service attacks.

Part of the issue is the ease with which students can now access the Darknet, and the increasingly low costs to hire someone to hack the system for them. Digital marketplace vendors on the Darknet offer cyber services such as grade changes and distributed denial of service (DDoS) attacks for very little money.

This makes it increasingly easy for non-hackers to carry out an attack or cause damage to a school’s resources. In addition to these services, a potential attacker can rent other attacks such as botnets or stresser services for Bitcoin.

It’s scary stuff, but there are steps that schools can take to protect themselves. The key is a hybrid security solution that combines on-premise detection and mitigation with cloud-based protection, so attack traffic can be identified and blocked before it causes downtime. A trusted security specialist will be able to advise further on the best way to ensure service availability.

It may seem extreme, but students have come a long way from slingshots and peashooters, with many choosing cyber attacks as their weapon of choice. It’s up to schools to make sure they are just as innovative with their defences.

 

As a security evangelist for Radware, Pascal helps execute the company’s thought leadership on today’s security threat landscape. Pascal brings over two decades of experience in many aspects of information technology and holds a degree in Civil Engineering from the Free University of Brussels.

Guest Blog, Adrian Crawley: Transforming security skills for a changing industry landscape…

Jack Wynn

Talk to any security specialist and they will tell you that, today, the number of different security attacks they potentially face is overwhelming. It’s the direct result of two trends. Firstly, professional hackers have become more sophisticated in their approach using automated attacks, whereby robots are used to launch very advanced persistent attacks, and secondly, the new wave of ‘off the shelf’ hacks that can be bought for as little as £20 are able to cause untold damage to a network. 

Of course, bots aren’t new, but this year alone the industry has seen an extraordinary rise in their use, posing a big question to company security experts – can we cope? And the simple answer is no. Trying to respond to bots and make complex decisions quickly enough is something the human brain is simply not equipped to deal with; nor is it capable of managing high intensity attacks for days on end.

In response, more and more companies are employing good bots to fight back in a bid to move their security experts from the front line to more strategic development roles.

Strategy is such a fundamental part of security today. No longer is it possible to react on the spot; you need to anticipate the threats and stay ahead. Plus, it needs to be done in line with the overall company strategy and in conjunction with suppliers.

Suppliers are often overlooked, but today skills need to extend beyond your organisation and ensure that your internet service provider (ISP) for example won’t be the ‘cyber domino’ that takes you down. ISPs are one of the most targeted facilities because they are an easy route to attacking hundreds of companies at a time – attack once, damage many. The development of contracts that cover this risk is common practice and should not be underestimated.

In terms of company strategy, if you are moving to an internet of things model, or have ambitious plans to expand market share, your networks, and your partners’ networks, will inevitably need to change and be able to manage a new level of demand to ensure consistent delivery and a great customer experience.

That’s why finding the tools that will always detect and mitigate the risks is an essential part of network and application delivery today. However, it’s also a necessity to know what the risks will be; they change so rapidly and it can be an impossible task to monitor the risks when you already have other responsibilities.

It’s thought that more than 20 per cent of companies are now turning to ex-hackers for help (37 per cent say they are considering it). As risky as it may sound, many IT directors have identified that they are able to tap into sources in the ‘darker’ web and listen into conversations that are happening between individual hackers, and organised groups. They are also able to spot the malicious technology developments and even tell you the next target, well before they hit.

As I say, for security professionals that have built a reputable career, this whole approach can seem an oxymoron. Why potentially cultivate an enemy within? It’s therefore important to have the right checks and balances, and day-to-day management skills in place to ensure conduct is above board at all times. Or indeed, assess if a security partner who employs the skill is a better option.

Whatever path you choose, the future will be constantly changing, and when security attacks are a question of when not if, every company needs a plan in place. How they are shaped will be down to the organisation and the sector it operates in, but understanding how technology and skill are blended will be an essential part of a successful strategy.

Adrian Crawley is responsible for the Northern EMEA region at Radware, specialising in network and application security. He oversees the cyber security for international brands as well as medium sized enterprises in a mix of sectors including finance and insurance, retail, utility, public sector and telcos and ISPs.