Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Logical security

June 2007 Information Security

Christo van Staden

Information technology is undoubtedly playing an increasingly important role at educational facilities, and with this comes the ever-present threat of online security issues.

Security threats facing educational institutions

Security threats in the educational space are not much different than the ones faced by the modern day corporate. The blended threat aspect is as relevant to educational institutions as it is within the corporate environment.

However, as far as content and contact management is concerned, the educational institute is subject to some unique threats.

The threat in this space comes in two distinct forms: one being the contact that the student or learner can make online, the second is the content that the learner has access to online.

To some degree, both these threats are a form of a blended threat, the use of technology to perform or attempt a criminal act combined by the age-old aspect of social engineering.

Contact: online chat rooms and those within the classroom setup represent a unique threat to educational institutions. A perpetrator can quite easily disguise him- or herself as a fellow learner/friend or associate.

It is no secret that child molesters and kidnappers use these methods to solicit personal information in order to manipulate the unsuspecting learner into a relationship. This could lead to personal contact and further consequences.

Institutions are faced with the challenge not only to make the child/student aware of these threats but also to successfully teach these students to be on the look-out for these online perpetrators to successfully identify and avoid this type of contact.

An example of this type of awareness is to avoid handing out any personal information online that can lead to personal contact, including telephone numbers, addresses, sport activity schedules, home address, names, surnames, favourite places to visit, etc.

There is technology available that can manage activity online and monitor content and information in the flow of these online chats. We encourage professional assistance in implementing counter-measures with regards to these threats.

Content: a threat as relevant to the institution as it is to the corporate - with one distinct difference, of course - that of age restriction. Whether intentional or unintentional, it is quite easy for a student to get his or her hands on the wrong content. A simple search conducted online could quite easily end up providing a student with access to the wrong content.

The modern day information age fortunately provides us with ANY information with the click of a button. Students unfortunately are inquisitive and will bend the rules if they can. Again one needs to have clear rules and regulations together with the right technology to protect against this.

Again we encourage professional assistance when mitigation strategies are being put in place to protect students from this. We find that often, especially in the home environment, that students are way more capable than the parent or teacher in being able to bypass certain counter-measures.

The threats continue to evolve and change their profiles almost on a weekly basis. There is always some perpetrator who will seek an alternative method towards misconduct.

In the past we could draw a clear differentiating line between the 'what' (content, more recently known as malware) that attempts to compromise information systems and the 'who' that is trying to initiate this threat and lead to this compromise.

Nowadays, this differentiating line has disappeared completely. 80% of threats are disguised as 'legitimate' applications entering or leaving our networks, and prove to be rather difficult to detect.

Software vendors are consistently providing different mechanisms to protect against these threats. The rate of technology adoption, though, is clouded by the age-old traditional grudge purchase of ensuring protection against a possibility or likelihood of a compromise.

In our professional opinion is it not a matter of 'if' but rather 'when' this compromise will occur.

Solutions

The majority of institutions only integrate traditional logical security solutions, namely firewalls and anti-virus, with singular content management technologies in place. This defence strategy has proved ineffective in the past, as early as 9/11 - when we saw the first flavour of the so-called blended threats by names Code RED and NIMDA.

There are schools that try to take care of the IT security challenge by themselves. It is not unique, though, and it is only in the past 24 months that outsourcing security began in the corporate environment. The bottom line is that information security has become a highly specialised field and there is a limited availability of skills in the market. Staff shortage and a lack of proper knowledge in the field compounds the problem for schools/institutions and corporate.

There are software solutions available to schools that can be professionally installed to combat the potential threats to schools and pupils. We strongly recommend that institutions investigate the options and act before it is too late.

Christo van Staden is a director at Carrick Holdings.

Christo van Staden
Christo van Staden

For more information contact Clint Carrick, Carrick Holdings, +27 (0)11 807 9560, [email protected], www.carrick.co.za





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

What are MFA fatigue attacks, and how can they be prevented?
Information Security
Multifactor authentication is a security measure that requires users to provide a second form of verification before they can log into a corporate network. It has long been considered essential for keeping fraudsters out. However, cybercriminals have been discovering clever ways to bypass it.

Read more...
SA's cybersecurity risks to watch
Information Security
The persistent myth is that cybercrime only targets the biggest companies and economies, but cybercriminals are not bound by geography, and rapidly digitising economies lure them in large numbers.

Read more...
Cyber insurance a key component in cyber defence strategies
Information Security
[Sponsored] Cyber insurance has become a key part of South African organisations’ risk reduction strategies, driven by the need for additional financial protection and contingency plans in the event of a cyber incident.

Read more...
Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Read more...
Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

Read more...
Navigating South Africa's cybersecurity regulations
Sophos Information Security Infrastructure
[Sponsored] Data privacy and compliance are not just buzzwords; they are essential components of a robust cybersecurity strategy that cannot be ignored. Understanding and adhering to local data protection laws and regulations becomes paramount.

Read more...
AI augmentation in security software and the resistance to IT
Security Services & Risk Management Information Security
The integration of AI technology into security software has been met with resistance. In this, the first in a series of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.

Read more...
Milestone Systems joins CVE programme
Milestone Systems News & Events Information Security
Milestone Systems has partnered with the Common Vulnerability and Exposures (CVE) Programme as a CVE Numbering Authority (CNA), to assist the programme to find, describe, and catalogue known cybersecurity issues.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.