How Can Schools Be Better Prepared for Supply Chain Attacks?

Schools have to play a crucial role in safeguarding children from all kinds of threats, and one that often flies under the radar is cyber attacks. Unfortunately, schools are a gold mine for criminals with invaluable data related to personal information and financial details which can be sold to the highest bidder on the black market. This was the case towards the end of last year, as thousands of students’ data was leaked in the Louisiana school district.

A supply chain attack is one method that has been gaining a lot of traction recently, whereby an attack on an outside provider can lead to the attacker being able to infiltrate the school’s digital infrastructure. If the outside provider has been granted access rights to use the network or other applications, then the attacker would only need to get through the third party’s defenses to infiltrate the school’s system. This type of attack is particularly interesting to criminals—and devastating to victims—because they can gain access to multiple districts and mountains of data through one vendor.

Types of supply chain attacks include stealing security certificates, compromising software development tools, preinstalling malware on devices, and embedding malicious code in firmware. For example, if a hacker steals a certificate used to authenticate a software update, they can use it to distribute malware disguised as a legitimate update. In schools, where IT resources may already be stretched thin, detecting these kinds of sophisticated attacks is very difficult.

Supply chain attacks are very broad and can impact organizations of all types and sizes. Let’s examine where they tend to come from and their impact before discussing how schools can better defend themselves.

The Source of Supply Chain Attacks

Supply chain attacks can come from a variety of places and, depending on the source, can bring their own set of risks. Commercial software is something that every school will have across its network, and hackers can insert malicious code into a common software application that would then gain access to any school using that particular software.

The problem is that schools often depend on software updates to patch vulnerabilities, but the updates themselves are actually one of the most common areas to exploit. One of the most famous examples came a few years back in 2020, when the major software company, __SolarWinds, was hacked with a backdoor __inserted into one of their IT management tools, and thousands of government organizations and schools around the world were affected.

Another common source comes from open-source software where schools use these solutions as they’re generally more scalable and cost-effective, but this can also leave them more vulnerable. During the development process, hackers can introduce vulnerabilities, and then they wreak havoc when the software is finally implemented. There was a clear incident of this earlier this year when a software engineer found a backdoor that had gone unnoticed after two years of a group calledJia Tan implementing versions of XZ Utils, providing hours of largely benign volunteer coding into the open-source software, Linux.

Lastly, we need to touch on foreign-sourced threats, which can be dangerous when schools are using systems from outside the country in their networks. Some countries have varying controls on tech industries, so schools need to be careful.

What is the Impact of Supply Chain Attacks on Schools?

There can be a huge impact on schools that are victims of supply chain attacks, including the disruption of administrative functions and the educational process. One of the biggest risks obviously comes from data breaches, where student records, financial details, and even potentially health data can be leaked. This could easily lead to privacy violations and identity theft.

Schools also depend on software for scheduling, grading, and virtual classrooms, and if that is compromised, it can cause huge interruptions, with students and teachers unable to access vital resources. Lastly, financial costs, although seemingly not as prevalent in a supply chain attack, can still be a consequence. Ransomware can lock critical systems through compromised software. Even if the ransom is not paid, restoring systems and implementing stronger security measures is expensive.

What Are The Mitigation Strategies?

There are various ways that schools can go about mitigating supply chain attacks, primarily schools must have cybersecurity measures in place to protect their systems. They are outlined by the Department for Education, and involve a range of steps, from simple steps such as adopting multi-factor authentication to more complex data protection impact assessments.

Regular software updates are important, but they are far from being fool-proof, schools need to be informed about any potential vulnerabilities that could arise in the software that they use. This can be done by monitoring cyber news and having open lines of communication with their vendors to stay on top of emerging threats. Access control is another element that can’t go unnoticed. Schools need to always review who has access to their systems and ensure that permissions are limited to the necessary people.

The final mitigation strategy to mention is testing out incident response plans. This should involve explaining what steps would need to be taken in the event of a supply chain attack and how to isolate compromised systems, restore data from backups, and communicate with stakeholders. These kinds of drills mean that staff are ready to act quickly and effectively when an attack occurs.

Supply chain attacks are undoubtedly brutal, and hackers can exploit weaknesses in schools, and their impact can be devastating. However, following some of the steps outlined above can at least mitigate the potential impact if staff are dedicated to prioritizing cybersecurity and good hygiene.