Catholic Education WA to Secure Student Data

0

Tenable today announced that Catholic Education Western Australia (CEWA) has chosen both Tenable Vulnerability Management and Tenable Active Directory Security to reduce cyber risk across its network of schools and colleges.

The increasing number of cyberattacks on Australia’s education sector has significant implications for teaching, funding and protecting sensitive data. Recognising this, CEWA, a not-for-profit organisation with over 100,000 students and employees across its network of 149 schools and colleges selected Tenable Vulnerability Management in the cloud and Tenable Active Directory Security to harden and monitor Active Directory (AD) in real-time. CEWA consulted with industry analysts following a consolidation exercise and Tenable was highly recommended as the solution to help the organisation step up its vulnerability and exposure management efforts.

“Not only is student data commonly targeted because of its value to cybercriminals for conducting fraud, but students are often less vigilant about monitoring and controlling their online activities which makes them especially vulnerable to being victims of identity theft and fraud for longer periods of time before taking action to protect themselves,” said Lee Swift, Chief Information Security Officer, CEWA.

“Having the security function of the 149 schools across our system consolidated into a central platform promotes collaboration. However, it also means the impact of a cyberattack can ripple across other parts of the organisation. Ensuring that security was embedded across every function of CEWA and making sure that student and employee data were protected is vital to maintaining the faith and trust of the communities we serve.”

With the high-volume usage of thousands of connected devices such as smartphones, web cameras and Apple TVs, having visibility over such a huge footprint can be challenging. Since deploying Tenable.io, the security team is able to run automated, automated scans without the need for agents frequently and has full visibility across 17,000 assets. The entire assessment to remediation process has also been streamlined by leveraging Tenable’s Predictive Prioritization capabilities, which yields a Vulnerability Priority Rating (VPR) score, that combines vulnerability information, threat intelligence and data science to predict which vulnerabilities will likely be exploited. With more predictability and less guesswork, CEWA is able to focus on the vulnerabilities that need to be remediated first based on actual cyber risk.

Dr Debra Sayce, Catholic Education WA, Executive Director says: “We have a responsibility to ensure that students entrusted into our care are learning in environments which are safe. Ensuring that our cyber security policies and platforms are of the highest standard across our 149 schools is critical to protecting student data and ensuring they use technology safely.”

Given that identity is central to authenticating users and providing access to network resources, Tenable Active Directory Security is critical to helping CEWA identify any misconfigurations and prevent any attack paths that attempt to leverage Active Directory. “Prior to using Tenable Active Directory Security, we were only using Microsoft Security Suite and running point-in-time assessments. The ability for Tenable to enhance what we are working with and make our approach to cybersecurity more proactive has been a real differentiator,” added Swift.

Effective Analytics and Reporting

CEWA’s cybersecurity program has quickly become the cornerstone for a more holistic and proactive approach to cybersecurity across the organisation. In addition to running weekly vulnerability reports, Swift’s team also presents quarterly to CEWA’s risk committee. “I’m now able to have open and transparent conversations with our leadership team and board of directors about the good, the bad and the ugly and the resources needed to strengthen our risk posture. Tenable makes these conversations easier and helps us understand risk better as an organisation,” said Swift.

Having an effective vulnerability management program has freed up resources for Swift and his team to also work on enhancing CEWA’s Cyber Culture program which helps students and employees understand their role in cybersecurity.

“The positive impact technology has had on learning is significant. These days if a teacher wants to bring an internet-connected weather station into the classroom, security teams have the ability to secure it instead of stopping the connection of the external device altogether,” said Scott McKinnel, Country Manager, Tenable ANZ. “Cybersecurity is about keeping schools, students and teachers secure and shouldn’t be seen as a barrier to innovation and learning. CEWA is a shining example of an organisation that values innovative learning experiences whilst keeping students and teachers secure on that journey,” said McKinnel.

Share.