MALWARE IN EDUCATION: TOP 5 CHALLENGES · One successful malware event is one too many. This guide...


A proven approach that solves your toughest endpoint security challenges


MALWARE IS ONE OF THE MOST CRITICAL THREATS HITTING THE EDUCATION SECTOR. AND IT HITS EVERY DAY.

When it comes to compromising networks, phishing credentials, and scamming unsuspecting users, cybercriminals are opportunists looking for the easiest targets. Educational institutions provide an attractive playground for criminals to unleash their attacks. Schools tend to have open networks that incorporate BYOD with cutting-edge technologies and are ripe for infection.

Today’s 21st century-connected classrooms embrace technology as an integral part of the educational experience. Technology affords teachers and students opportunities to collaborate, connecting students to current information and engaging them with innovative tools. Unfortunately, when that technology doesn’t function, it can interrupt lesson plans, disrupt learning, and put important student and school information at risk in a breach.

In the first half of 2017, breaches in the education sector more than doubled, jumping 103%.[1] Kids are the people Malwarebytes wants to protect from criminals, and they’re at risk every day.

It’s clear. One successful malware event is one too many.

This guide details the top five challenges education institutions face in fighting malware threats and how Malwarebytes can solve schools’ most significant endpoint security risk.

[Figure: Security Breaches in Education Sector [1], 2016 vs. 2017: 103% INCREASE]


MODERNIZING ENDPOINT PROTECTION IN AUSTRALIAN SCHOOLS


CHALLENGE 1: LIMITED IT RESOURCES

The supply of skilled IT security professionals is not keeping pace with demand. There will be an estimated 3.5 million unfilled cybersecurity positions by 2021.[2]

This resource shortage especially impacts the education sector. While the burden of malware risk has fallen squarely on IT’s shoulders, schools face limited funding and resources to hire and retain staff with the security specialisation required to manage it.

IT staff typically support a mix of devices from different manufacturers running different operating systems—each with their own vulnerabilities and risks.

With restricted budgets and a lack of dedicated IT resources, it’s impossible for schools to deliver effective endpoint protection for all devices on the network.

The workload on IT staff means education institutions need security solutions that work well with a “set-it-and-forget-it” approach. Unfortunately, legacy antivirus solutions have not been delivering effective security against advanced malware. They require extensive care and tuning, which staff don’t have time to do.

IT ISSUE: “I DON’T HAVE A TEAM WITH SECURITY SPECIALISATION.”

BUSINESS ISSUE: “WE LACK FUNDING FOR DEDICATED SECURITY RESOURCES.”


CHALLENGE 2: INEFFECTIVE PROTECTION

Educational institutions have wide open campuses that often have gaps in protection. Sensitive information is difficult to secure because it’s stored and shared across multiple departments. In addition, students access data and submit assignments through secured and unsecured networks.

As bad actors innovate and use advanced tools to unleash their attacks, it’s becoming clear the education sector’s legacy security measures are not keeping pace in safeguarding schools and their networks against these threats. Many of today’s attacks bypass existing antivirus altogether.

Malwarebytes analyzed malware remediations in Australian Schools, and found that cybercriminals are successfully bypassing endpoint protection with these three top attacks:

1. Malvertising: Malware and scams delivered via infected ads on popular sites

2. Trojans: Malware hides itself in what appears to be normal files

3. Riskware: Legitimate programs that can be exploited by malicious users for cybercriminal intent

Further compounding this serious effectiveness issue is the mandate from the Australian Privacy Act, which requires entities to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of all “eligible data breaches.”

IT ISSUE: “OUR CURRENT ANTIVIRUS SOLUTION IS FAILING.”

BUSINESS ISSUE: “WE ALREADY PAID FOR MULTIPLE PRODUCTS THAT DON’T WORK.”


VULNERABILITY PATCH MANAGEMENT

Patch management is an important, preventative step in your ransomware protection plan. Ensure you have a strong patch management process with the visibility you need to know which patches are your highest priority.

Assess

Maintain an inventory of your production systems, operating system types and versions, IP addresses, and your security controls.

Analyze

When a vulnerability alert is issued, consult your systems and security controls list to determine if your network is affected and if you’re protected. This gives the context to decide which vulnerability patches require your immediate attention and those that you can take time to plan.

Prioritize

Prioritize new vulnerabilities based on your systems’ exposure, exploit availability, and existence of active threats in the wild.

Apply

Non-critical updates on non-critical systems should be applied during scheduled maintenance windows. Emergency updates should be applied as soon as possible after you have confirmed the patch is stable.
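The four steps above can be run as a small triage script. The following is an added example, not part of the original guide or any Malwarebytes product: the field names, scoring weights, emergency threshold, and all inventory and alert values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class System:                      # Assess: one row of the inventory
    name: str
    os: str
    version: str
    ip: str
    exposed: bool                  # reachable from untrusted networks
    critical: bool
    controls: set = field(default_factory=set)

@dataclass
class Alert:                       # one vulnerability alert
    vuln_id: str
    os: str
    affected_versions: set
    exploit_public: bool
    active_in_wild: bool
    mitigated_by: set = field(default_factory=set)

def analyze(inventory, alert):
    """Analyze: which systems are affected, and does a listed control protect them?"""
    return [(s, bool(s.controls & alert.mitigated_by))
            for s in inventory
            if s.os == alert.os and s.version in alert.affected_versions]

def score(system, protected, alert):
    """Prioritize: exposure, exploit availability, active threats (assumed weights)."""
    total = 2 * system.exposed + 2 * alert.exploit_public + 3 * alert.active_in_wild
    total += 1 * system.critical
    return total - (2 if protected else 0)

def plan(inventory, alert, emergency_at=5):
    """Apply: emergency patch (after a stability check) or scheduled maintenance window."""
    rows = []
    for system, protected in analyze(inventory, alert):
        s = score(system, protected, alert)
        action = "emergency" if s >= emergency_at else "maintenance-window"
        rows.append((system.name, s, action))
    return sorted(rows, key=lambda r: (-r[1], r[0]))   # highest priority first

# Constructed sample data, not taken from the guide.
INVENTORY = [
    System("student-portal", "Windows Server", "2016", "10.0.1.10", True, True, {"waf"}),
    System("lab-pc-07", "Windows 10", "1709", "10.0.20.7", False, False,
           {"exploit-mitigation"}),
    System("staff-laptop-12", "Windows 10", "1703", "10.0.30.12", True, True),
    System("library-kiosk", "Windows 10", "1803", "10.0.50.3", True, False),
    System("admin-pc-02", "Windows 10", "1709", "10.0.40.2", False, True),
]
ALERT = Alert("EXAMPLE-0001", "Windows 10", {"1703", "1709"},
              exploit_public=True, active_in_wild=True,
              mitigated_by={"exploit-mitigation"})

if __name__ == "__main__":
    for name, s, action in plan(INVENTORY, ALERT):
        print(f"{name:16} score={s} -> {action}")
```

Systems that do not match the alert's operating system or version drop out at the Analyze step, and a system covered by a mitigating control is still listed for patching but scores lower.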

CUSTOMER HIGHLIGHT

“Our legacy solution was not detecting next-generation malware. Since Malwarebytes, we’ve had no more advanced malware infections. Malwarebytes stopped high volumes of access to malicious sites, PUPs, and ransomware.”

- JOHN TOULANTAS, ICT MANAGER, ST CATHERINE’S SCHOOL


CHALLENGE 3: BYOD UNMANAGED PROTECTION

IT departments within education institutions have an equally demanding job as they face the challenges of consumerization that BYOD and open campus cultures introduce. It’s common for education institutions in Australia to support a combination of school-provided and student-owned devices on campuses where the school manages some, but most are managed directly by the user.

Allowing students to bring their own devices provides advantages, such as relieving the school of the technology costs and enabling 24x7 learning. It can also introduce a rash of security risks when those devices are left unprotected.

Education institutions agree that BYOD acceptable use policies are essential, especially when the school does not own the devices. However, a signed agreement without enforcement provides no duty of care in safeguarding the sensitive data the school stores.

In the end, schools are left completely exposed to data breaches without BYOD protection. And endpoint security is becoming even more critical to a cyber-secure campus: according to Ponemon research, IT’s security postures have shifted from being dependent on network security to endpoint and application security.[4]

IT ISSUE: “OUR NETWORK IS EXPOSED TO MALWARE, AND WE’RE SPENDING MORE TIME FIXING BYOD LAPTOPS.”

BUSINESS ISSUE: “OUR TEACHERS AND STUDENTS INCUR DOWNTIME. WE’RE AT RISK OF A DATA BREACH.”


CHALLENGE 4: LIMITED OFFLINE PROTECTION

Traditional antivirus solutions—and even many solutions with next-generation techniques—require that the device is online and connected to receive the latest security updates and the solution’s best effort at effectiveness. But how does that work in the real-world scenario when laptops are offline?

It’s common for schools to provide students with laptops to continue their work at home and during the holidays. When systems are offline and have reduced capabilities for protection, devices become flooded with infections, such as ransomware and fileless malware.

The challenges of ineffective offline protection not only burden education institutions with remediations, but they also lead to high costs from data breaches. According to the Ponemon Institute, the average cost of a data breach in the Australian education sector has risen to AUD 140 per lost record.[3]

REDUCED OFFLINE PROTECTION: AUSTRALIAN SCHOOL USE CASE

[Before adopting Malwarebytes] when students took their laptops home during the June school holidays, many of them came back with multiple malware infections. At the new term, the school’s firewall blocked malware, preventing students from getting online.

Students brought their laptops to the IT team, which spent from 30 minutes to more than an hour cleaning each one. When a machine was badly infected, the IT team had to re-image it.

IT ISSUE: “OUR NETWORK IS EXPOSED TO MALWARE, AND WE’RE SPENDING MORE TIME FIXING BYOD LAPTOPS.”

BUSINESS ISSUE: “OUR TEACHERS AND STUDENTS INCUR DOWNTIME. WE’RE AT RISK OF A DATA BREACH.”


CHALLENGE 5: REACTIVE AND LIMITED INCIDENT RESPONSE PROCESSES

Given the epidemic level of malware infections in the education sector, it stands to reason that the majority of IT time is spent managing endpoint remediations.

Most schools use old methods to respond to infections, such as wiping the machine. While reimaging an infected endpoint has a long legacy as the de-facto standard, it’s fraught with time inefficiencies and inherent risks. Of course, IT is responsively dealing with breaches as they occur, but how long does it take to recover from these attacks?

Compared to other industries, the education sector takes more time to identify and contain data breaches. On average, education takes 221 days to contain the breach, and another 83 days to fully deal with it. That’s a total of 304 days (10 months) for complete response.[5]

There’s also the risk that the infection has spread within the network. Once malware gains a foothold it can initiate lateral movement to access other systems. Reactive IR (Incident Response) processes that are based on manual endpoint reimaging do not provide the speed or completeness to ensure all infection points are restored with minimal resource impact to the campus network and IT teams.

IT ISSUE: “WE’RE SPENDING TOO MUCH TIME ON REACTIVE INCIDENT RESPONSE.”

BUSINESS ISSUE: “INCIDENT RESPONSE KEEPS OUR IT TEAM TOO CONSTRAINED TO FOCUS ON OUR STRATEGIC BUSINESS GOALS.”


CUSTOMER HIGHLIGHT

“We haven’t had any need for after-the-fact remediations. Our top three benefits with Malwarebytes are their blocking of ransomware attacks, the flexibility of deployment, and the return on investment.”

- RICHARD HUMPHREYS, IT LEADER, SOUTHPORT SCHOOL


A NEW APPROACH: MALWAREBYTES ENDPOINT PROTECTION AND RESPONSE

The education sector should not carry the burden of ineffective protection and resource-intensive endpoint remediation. Malwarebytes understands the unique challenges education institutions face. That’s why our solution delivers effective protection and cuts through complexity to eliminate IT resource constraints.

Malwarebytes Endpoint Protection and Response takes a holistic approach to securing education endpoints. Our solution uses a single, unified agent to deliver endpoint protection, detection, and response. The result is advanced protection capabilities plus endpoint detection and response (EDR) capabilities. And our EDR features go beyond merely alerting you to a threat: they actually fix it with automated remediation and ransomware rollback.

Superior Protection

Malwarebytes Multi-Vector Protection (MVP) uses a seven-layered approach, which includes both static and dynamic detection techniques. These techniques protect against known and unknown threat types, from traditional viruses to tomorrow’s advanced threats.

Powerful Detection

Malwarebytes provides continuous monitoring and visibility into desktops to obtain powerful insights and applies aggressive anomaly detection machine learning and sandbox analysis to uncover even the most slightly suspicious files. If the file’s disposition indicates a potential impact on your environment, Malwarebytes alerts you that the file is a threat and automates remediation.

Automated Remediation

Malwarebytes ensures immediate response in the event an infection does occur. Our proprietary Linking Engine provides complete and thorough remediation to rapidly return an endpoint to a healthy state and minimize impact to the end-user, post-compromise. Rollback technology winds back the clock up to 72 hours, negating the impact of ransomware with just-in-time backups prior to infection.


EDUCATION CHALLENGES RESOLVED WITH MALWAREBYTES

Benefits Malwarebytes Capabilities

Set and Forget Smart Security

▶ Simple, intelligent, automated solution that eliminates IT resource constraints

▶ Product deployment is easy

Highly Effective Security

▶ Single solution for the entire attack chain: prevention, detection, and response

▶ Multi-Layered Protection uses seven-layered approach to deliver highest efficacy in endpoint security

Powerful Offsite Protection

▶ Signature-less protection layers provide protection even when devices are offsite and offline

▶ Supports enforcement for user access restrictions

BYOD Security

▶ Offers flexible and affordable options for student BYOD protection based on school environment and laptop ownership (e.g., unmanaged, managed, or hybrid)

▶ Reduces risk of data breach from student-owned devices

Automated Remediation

▶ Shifts IR focus from reactive remediation and device reimaging to proactive and operational

▶ Global standard for automated remediation delivers efficient, comprehensive IR process that reduces dwell time and eliminates IT resource burden

▶ Supports remediation for entire school


For most education institutions, finding the best way to protect against malware threats at the endpoint is top of mind. Current approaches are falling short.

Education institutions are turning to Malwarebytes to eliminate uncertainty and provide a failsafe solution to deliver effective and simplified endpoint protection, detection, and response.

Malwarebytes solves your school’s top 5 malware challenges:

▶ Makes IT’s job dramatically easier

▶ Delivers highly effective protection

▶ Safeguards your student devices when they’re offline

▶ Secures student-owned devices and decreases risk of data loss

▶ Automates remediation and frees up IT time for strategic initiatives

Learn More at Malwarebytes.com/Business

[1] Campus Technology. “Education Data Breaches Double in First Half of 2017.” September 2017.
[2] OCEG. 2017 GRC Maturity Survey. 2017.
[3] Ponemon Institute. 2017 Cost of Data Breach Study: Australia. June 2017.
[4] Ponemon Institute. The Evolving Role of CISOs. August 2017.
[5] Education Dive. Cost of Education Data Breaches. July 2017.


Malwarebytes is a cybersecurity company that millions worldwide trust. Malwarebytes proactively protects people and businesses against malicious threats, including ransomware, that traditional antivirus solutions miss. The company’s flagship product uses signature-less technologies to detect and stop a cyberattack before damage occurs. Learn more at www.malwarebytes.com.

Copyright © 2018, Malwarebytes. All rights reserved. Malwarebytes and the Malwarebytes logo are trademarks of Malwarebytes. Other marks and brands may be claimed as the property of others. All descriptions and specifications herein are subject to change without notice and are provided without warranty of any kind.

Malwarebytes Singapore PTE, 15 Scotts Road Thong Teck Building #04-08, Singapore 228218