The implementation of South Africa’s far-reaching schools digitisation plans is a welcome development; but cyber security transformation should take place simultaneously to mitigate cyber risk to all levels of education departments, and to learners themselves.
Ron Harris, major account manager: public sector at Fortinet South Africa, says cyber security is a top priority for local, provincial and national education departments as the schools’ digitisation plan comes to fruition. However, not all provincial education departments are putting security at the foundation of their new digital ecosystems, he notes.
“Some provincial education departments appear to be ahead of the curve, implementing Fortinet security solutions at the outset of digitisation projects to ensure that all systems are secured and centrally managed from day one, while in others, cyber security implementations appear to be following broadband roll-out and the implementation of digital education programmes,” he says. “Ideally, digital transformation and security transformation should be carried out in tandem for maximum risk mitigation.”
With the pending arrival of tablets for all learners, high-speed connectivity and Wi-Fi at school campuses and e-learning content across schools, education departments must now mitigate cyber risk across devices, users and WiFi networks; instead of taking the traditional approach, which entailed just perimeter security. In future, anyone who has access to the network can potentially (innocently or maliciously) be the gateway to cause a cyber attack, Fortinet notes. As a result, education departments and schools have to rethink the entire cybersecurity process.
In addition, the new digitisation initiative will be many schools’ first experience with high-speed connectivity, device management and e-learning, and therefore the necessary on-site cyber security resources may be lacking.
For this reason, and to ensure cost control and up-to-date security, provincial education departments should be moving to security systems that cover the breadth of the environment, with central management from a single pane of glass, says Fortinet.
Locking down vulnerabilities
Fortinet has found that internationally, the most common entryway to education networks is email, accounting for more than 95 percent of incidents. This is especially true for staff and administrators. The cyber hygiene and security practices of the staff are crucial, especially as threat actors are now mimicking the email addresses of superintendents and specific suppliers that serve the district to send seemingly harmless links. Furthermore, where there is a strong union presence, cybercriminals will send phishing emails as if from union leadership.
In higher education, risks expand beyond email to encompass the Wi-Fi and IoT environments.
Across the education system, protecting learners themselves must also be a priority as connected devices are put into the hands of individual learners. Fortinet recommends that only government-issued tablets, properly configured and with adequate security software, be allowed on to school networks.
Fortinet Security Fabric
Doros Hadjizenonos, regional sales director at Fortinet, says Fortinet’s Security Fabric has been configured to underpin security transformation, weaving together a variety of devices, technologies and services into a single, integrated network that can dynamically expand and adapt as needs evolve.
“FortiGate and the Security Fabric can play a key role in addressing cyber risk across public sector education, due to its single-pane-of-glass visibility as well as the ability to segment and secure the entire network, right down to endpoints,” says Hadjizenonos.
Fortinet Security Fabric offers broad visibility and protection across the entire digital attack surface, including data and workloads crossing between a variety of device form factors and network ecosystems. Devices are integrated using open standards, common operating systems and unified management platforms for coordinated threat detection, automated real-time threat response and advanced analytics.