In The News | How Schools Can Prepare for Supply Chain Attacks

This article was originally published in Hackernoon on 8/26/24 by Charlie Sander, CEO at ManagedMethods.

Schools have to play a crucial role in safeguarding children from all kinds of threats, and one that often flies under the radar is cyber attacks.

Unfortunately, schools are a gold mine for criminals with invaluable data related to personal information and financial details which can be sold to the highest bidder on the black market. This was the case towards the end of last year, as thousands of students’ data was leaked in a Louisiana school district.

A supply chain attack is one method that has been gaining a lot of traction recently, whereby an attack on an outside provider can lead to the attacker being able to infiltrate the school’s digital infrastructure. If the outside provider has been granted access rights to use the network or other applications, then the attacker would only need to get through the third party’s defenses to infiltrate the school’s system. This type of attack is particularly interesting to criminals—and devastating to victims—because they can gain access to multiple districts and mountains of data through one vendor.

Types of supply chain attacks include stealing security certificates, compromising software development tools, preinstalling malware on devices, and embedding malicious code in firmware. For example, if a hacker steals a certificate used to authenticate a software update, they can use it to distribute malware disguised as a legitimate update. In schools, where IT resources may already be stretched thin, detecting these kinds of sophisticated attacks is very difficult.

Supply chain attacks are very broad and can impact organizations of all types and sizes. Let’s examine where they tend to come from and their impact before discussing how schools can better defend themselves.

The Source of Supply Chain Attacks

Supply chain attacks can come from a variety of places and, depending on the source, can bring their own set of risks. Commercial software is something that every school will have across its network, and hackers can insert malicious code into a common software application that would then gain access to any school using that particular software…

Read More >>