Northbrook School District 27

Trevor Hope

When I started as a classroom teacher in the early 2000’s, no one mentioned cybersecurity. I am not even sure it was in my vocabulary.

We had email, and the message was always only put in an email content you would be comfortable seeing on the cover of the local newspaper the next day. No one talked about links we shouldn’t click on.

I became a technology director in schools in the early 2010’s, and even then, things were different. I heard all too often, we have Macs, we’re fine. Yes, cybersecurity was a thing, but it was mainly around antivirus. We wouldn’t think of spending time with teachers on the topic.

Today, things are different. Cybersecurity is everywhere. We have celebrated, or rather acknowledged, Cybersecurity Awareness Month for several years now. We started sending out phishing simulation emails to all staff during the pandemic.

"We’re at another crossroads, or more likely we’ve already started turning the corner into a new era of cybersecurity with artificial intelligence."

In the past ten years, we’ve gone from making sure every Windows computer or server you have has antivirus, and your network is secured by a decent firewall, to every device needs endpoint and threat detection, a firewall with advanced safety features, and don’t click on anything you are not expecting.

Now, I feel as if we’re at another crossroads, or more likely we’ve already started turning the corner into a new era of cybersecurity with artificial intelligence or AI.

Threats used to come from criminals who either lacked the knowledge, proper grammar and spelling, language skills or all of the above to create an effective attack. Now with AI tools in their arsenal, all of those shortcomings are out the window. Not only does AI fix their writing shortcomings, but AI can also learn about an attack victim and tailor an attack based on who the victim is and what industry they work in.

Social engineering has been around for a while now, but AI has taken it to the next level.

Social media, including school websites and parent newsletters, provide a blueprint for attackers using AI to gather information and fine-tune the attack. Your school staff are getting ready for a staff volleyball tournament? How about a phishing email to all staff with the link to participate, but please make sure you log in with your credentials first so we know who you are. And now the attackers have everyone’s login information.

Yes, having multifactor authentication is a good safeguard to these attacks, but now we’re seeing even that isn’t foolproof.

There is, however, some good news. Human intelligence is better than artificial intelligence. Human firewalls are the best safeguard against attacks. Machines can defeat machines, but humans armed with their own intelligence and training are an unstoppable force against cybersecurity threats.

Training modules, videos, professional development, tabletop exercises, phishing simulations and keeping up awareness with all staff are all essential in today’s world.