Virtual threats to schools should have our security bells ringing

People could be forgiven for focusing exclusively on the physical safety of their children at school and ignoring the dangers that lurk beyond the classroom and within the virtual world.

The fact is that security threats that target the networks and ICT infrastructure of education institutions are similar to, if not precisely the same as, those that regularly plague the corporate sector.
In the specialised field of IT security a significant portion of these threats are given the umbrella term ‘blended threats’.
However, the classroom environment can also become susceptible to unique threats that relate to the use of technology to access information and make contact.
Threats in this space come in two distinct forms. The first is that of contact made by the learner online and the second is the content that the learner gains access to online. 
The argument that both these threats are a form of a ‘blended threat’ is partially true – technology is used to perform or attempt a criminal act and is combined with age-old social trickery, or ‘social engineering’.
Online chat rooms and those within the classroom setup represent a unique threat to education institutions. A perpetrator can quite easily disguise him- or herself as a fellow learner, friend or associate.
It is no secret that child molesters and kidnappers use these methods to solicit personal information in order to manipulate the unsuspecting learner into a relationship. This could lead to personal contact and further consequences.
Institutions face the challenge not only of making the child or student aware of these threats, but also of teaching students to be on the lookout for online perpetrators so that they can identify and avoid this type of contact.
An example of this type of awareness is to avoid handing out any personal information online that can lead to personal contact, e.g. telephone numbers, addresses, sport activity schedules, home address, names, surnames, favourite places to visit, etc.
There is technology available that can manage activity online and monitor content and information in the flow of these online chats. We encourage professional assistance in implementing countermeasures with regard to these threats.
From a content management point of view a threat is as relevant to a school as it is to the corporate, with one clear difference – that of age restriction.
Whether intentional or unintentional, it is quite easy for a learner to get his or her hands on the wrong content. A simple search conducted online could quite easily end up allowing access to the wrong content.
In this day of instant communication and available information, the click of a button gains instant results. Learners are inquisitive and will, unfortunately, bend the rules if they can. Again, there must be clear rules and regulations combined with the right technology to protect against this.
We encourage professional assistance when mitigation strategies are being put in place to protect students from this. We often find, especially in the home environment, that students are far more capable than the parent or teacher of bypassing certain countermeasures.
Threats continue to evolve. Profiles change almost on a weekly basis and there is always a perpetrator that will seek an alternative method towards misconduct.
In the past we could draw a clear differentiating line between the ‘what’ (content, more recently known as Malware) that attempts to compromise information systems and the ‘who’ that is trying to initiate this threat and lead to this compromise.
Nowadays this differentiating line has disappeared completely. Eighty percent of threats are disguised as ‘legitimate’ applications entering or leaving our networks, and prove to be rather difficult to detect.
Software vendors are consistently providing different mechanisms to protect against these threats. The rate of technology adoption, though, is clouded by the age-old grudge purchase of insuring against the possibility or likelihood of a compromise.
In our professional opinion it is not a matter of ‘if’ but rather ‘when’ this compromise will occur.
The majority of institutions only integrate traditional logical security solutions, namely Firewalls and Anti-Virus, with singular Content Management technologies in place. This defence strategy has proved ineffective in the past, as early as 09/11 – when we saw the first flavour of the so-called blended threats, by the names of Code Red and Nimda.
Yes, there are schools that try to take care of the IT security challenge by themselves. It is not unique, though, and it is only in the past 24 months that outsourcing security has taken off in the corporate environment.
The bottom line is that Information Security has become a highly specialised field and there is a limited availability of skills in the market. Staff shortages and a lack of proper knowledge in the field compound the problem for schools, institutions and corporates.
This comment might be relevant in the physical space but certainly not in the logical space. SA is not seen as a leader and we are pretty much in a follow-the-herd mentality. The rate of technology adoption in SA is similar to that of the rest of the world, considering our quick adoption of general technology growth.
We are rather conservative in the sense of allowing our children access to ‘too much’.
