CarahCast: Podcasts on Technology in the Public Sector

Will Remote Schooling Be Safe? with McAfee

Episode Summary

In this podcast, McAfee Security Engineer, Chris Moran, and e.Republic Vice President of Research, Joe Morris, discuss how McAfee MVISION Mobile Advanced can protect your remote teachers and students.

Episode Transcription

Speaker 1: On behalf of McAfee and Carahsoft, we would like to welcome you to today's podcast focused around "Will Remote Schooling Be Safe?", where Chris Moran, Security Engineer at McAfee, and Joe Morris, Vice-President of Research at e.Republic, will discuss how virtual classrooms and remote learning can protect against cyber-attacks.

Joe Morris: My name is Joe Morris. I'm the vice president of research with the Center for Digital Education and it's a pleasure to get the opportunity to speak with you all on what we're seeing and hearing across education right now. It's obviously, it's a challenging time. I say that both as someone who follows these trends and as a parent of a virtual kindergartner. I'm aware of these challenges that we're talking about today firsthand.

If we can move to the next slide I want to just share what we're seeing and observing across our research. And some of this is obvious. The outbreak of COVID-19 has been a major disruption to K through 12 districts across the country. You go back what is it a four or five months ago we saw the rapid mobilization to online learning. Some of that maybe initially was thought to be temporary and now we find ourselves six, seven months into this and it's very much long-term. As of September 2nd, 73 of the 100 largest school districts in the country decided to go remote. That's roughly impacting eight million students. And in fact Ed Week, I don't know if you've seen this but they've done a breakdown of 900 school districts across the country and over 400 of them have gone to full-time remote and another 248 to hybrid. So you're seeing a lot of focus on particularly those two methods of educational delivery across the country. Full-time remote, some doing two, maybe three days a week in the classroom, and then online.

And with all things related to this pandemic, we know that it's very fluid. There are districts in K through 12 just like there are higher ed institutions in higher ed that have opened in-person and then been forced unfortunately to shutdown due to the COVID-19 outbreak in their organization, in their district or in their institution. It's very fluid. That fluidity is causing a significant amount of challenges on both the procurement front but the logistical front as well. That rapid shift has focused in terms of Chromebook deployments and devices and all things around keeping students safe for those campuses that are opening. But we are seeing through our Ed Tech platform that tracks the various procurements across the country for technology a rapid sharp increase in Chromebook deployments and procurements as well as all things to support the new digital learning environment that we're seeing across the country.

Now, the one positive and somewhat optimistic viewpoint I guess on this rapid mobilization, this rapid wave of procurements that are happening is that there are funds for districts across the country to take advantage of to fund these initiatives. First and foremost, through The Cares Act and we'll talk about this a little bit later but there are education stabilization funds that are available to fund this. And on top of those funds there's also some state funds depending on what state you reside in and some pass through funds that are impacting localities as well.

We can move to the next slide. The Chromebook deployments probably one of the biggest trends that we've seen out of the gate early on. I mean, this just represents a snapshot, a tiny snapshot, of some of the editorial coverage that we've seen. But districts large and small are procuring Chromebooks at a rate that we haven't seen, at least in the whatever 13, 14 years that I've been tracking this market. You've got deployments of 10,000, 30,000, 100,000 devices being purchased at a single time and these are steady. If you go into your search engine of choice today and you run a search for K through 12 let's say and The Cares Act or K through 12 and Chromebooks you're going to find a variety of these announcements. You're going to see a variety of these RFPs being issued. You're going to see a variety of awards also being issued in relation to these Chromebook deployments.

This rapid mobilization to digital and remote learning caught a number of school districts off guard. That doesn't matter if you're a large school district or a small school district. We're seeing some of the unfortunate editorial coverage coming out now for some of these districts that have been challenged both in terms of procuring these devices, sourcing these devices, but for those lucky enough to do so now we're seeing some significant security challenges also present themselves.

Just before this webinar, just a couple of days ago the news out of Miami Dade, look what happened there. The first day of school is traditionally a very exciting time, unfortunately for that school district, which is what the fourth largest school district in the country I believe that first day of school didn't go as planned. In fact, it didn't really go at all. Unfortunately a student it turns out, launched a denial of service attack against the school and shut down all of the connectivity, all of everything. This is the new reality that we find ourselves in today, an environment where we're challenged to maybe initially deploy the technology, we're fortunate enough to deploy the technology. Now we're dealing with a new realm of security challenges that are far greater than I think any CIO or CSO had on their roadmap pre-pandemic.

And that's what brings me to some of the remote learning concerns that we're seeing. I just briefly mentioned some of the challenges in sourcing devices but digital equity is one of the largest things that I hear about through all of the research that we're currently doing. When you look specifically at K through 12 something like 15 to 16 million students lack connectivity or devices, of that roughly nine million lack both. But it's not just limited to the students. We've all seen the stories, teachers too are challenged. Everyone's teaching remotely, teachers are teaching class from the comfort of their home but something like roughly between 300 and 400,000 teachers are also lacking connectivity.

So let me put that into perspective for you. If you've got 16 million students lacking connectivity or devices there's roughly about 58 million students total. That's a substantial chunk of students that are lacking connectivity in an era when they need it the most.

The next challenge that we're seeing surface is digital literacy. Concerns over digital literacy of students and staff are starting to emerge. We're starting to see studies come out saying teachers are using technologies that they've never used before throughout the entire course of their career. That they're facing a rapid and sometimes challenging learning cliff to understand the various applications that they are now using to deliver instruction be that a particular LMS, a particular collaboration tool and the mix of both.

The other challenge is funding. While there is that funding through the Cares Act, the Coronavirus Relief Fund it provides a solid start but it's not nearly enough to fund the full need for remote learning. I don't know if you have seen that the cost of Los Angeles Unified but when they're talking about providing devices to all students that price tag adds up quite quickly well beyond their Cares Act allotment. The same thing with broadly in a state the size of California. To provision the devices one-to-one comes at a significant price tag well beyond what federal aid is to accomplish.

So then you have to get creative. What are those state sources or even local sources that you can tap into, those public private partnerships that may exist to provide and provision these devices? And this is probably the most scary thing, both as a researcher but perhaps more importantly as a parent. I think what we're seeing across the broader public sector, state and local government, K through 12, higher education is something that many weren't prepared for, the loss of visibility, the loss of control, the loss of visibility over the network. We're all sharing a network right now at home where we're doing work, where students are doing their education, and we have no control over what people click and what people don't do.


When you look specifically at how this is impacting K through 12 look at now the steady stream of articles. Gwinnett County, another large school district in the country, Zoom bomb, Zoom bomb here, Zoom bomb there. We're seeing this left and right as many schools deploy these applications and then creative students or malicious actors take advantage of them. And this is a significant challenge that you're seeing fortunately some school districts be able to rapidly address but many are caught flat footed.

Probably the one that stuck out to me the most is the rise of cyber bullying. In Plano independent school district, a student was being sent threatening messages while they're trying to get their education. Which the school district was able to rapidly confront that but unfortunately it had to happen. It had to be confronted now and now it's something that many school districts can learn from.

And while all this is happening, the standard threats didn't go away. 2019 and early 2020 showed that the public sector, K through 12 education, higher education, but U.S. public sector wasn't a target, it was the target. School districts across the country are vast, tens of thousands of school districts all of them with varying sophistication with regard to IT. One of the most significant challenges now is how do you keep it secure and now we're seeing the rise of ransomware attacks targeting K through 12.

Zoom bombs, these cybersecurity concerns are real, they're significant and they're impactful. And they're happening at too fast of a pace right now. I mentioned at the very beginning what we're seeing in the Miami Dade school district, a very sophisticated school district couldn't start school on the first day because of a cyber security concern. So these are the things that whether you're a CIO, an IT manager, or a CSO are now confronting. You've got tens of thousands of devices and how do you secure them? How do you manage them and how do you prevent these frightening things from happening?

In this environment where you've got this rapid mobilization, a need for a significant amount of devices, where do you turn to fund it? Well, first and foremost from a K through 12 standpoint I would look at the Cares Act, it's the $2 trillion funding stream to offset the impact of COVID-19. And K through 12 qualifies for a number of funding streams that can offset these costs both for cybersecurity, devices and to facilitate this online learning and distance learning. And you can also cover any COVID-19 related expense. So if you for some reason have now these new cybersecurity challenges that have presented themselves solely because you're doing distance learning because of the pandemic districts can now fund these using these funding streams.

So, let's move to the next slide and talk a little bit about some of these funding streams. All right. Education was a massive benefactor through the Cares Act. Just over $30 billion went to education in totality. Of that, over $13 billion went to K through 12 through the elementary and secondary education or what's called the Elementary and Secondary Relief Act. These funds flowed on a formula basis based on Title One to school districts across the country and to state education agencies. So you can take advantage of these funds and you've got a long window to do that. These funds don't actually need to be taken fully advantage of. While you'd want to seize the opportunity quickly you've got a little bit of a runway until essentially fall of 2021 to take advantage of these funds. Now, $13 billion is a significant amount of funds. The State Departments of Education are also taking their funds which is roughly 10% of that number and we're seeing those funds flow back down into these school districts for connectivity and for devices.

If you find yourself on this webinar wondering if your district has received funds or could receive funds let us know in the chat. We'll absolutely provide you all of the details on which school districts are receiving funds. But it doesn't just stop at that $13 billion. In addition, this is a three billion dollar funding stream called the Governor's Emergency Relief Fund. This can apply to both K through 12 and higher education but this fund is what's being called as extraordinarily flexible. It's a fully discretionary fund that's at your state governor's office that can be used to meet the most pressing needs in relation to COVID-19.

Now given that, the only guidance that they were provided is, "We're not going to micromanage you but we highly suggest that you use these funds to facilitate and support distance and online learning." So with that guidance, these funds I think are an extraordinary opportunity to be engaging with your governor's office, with your department of finance, to understand what the governor's plans are for these funds because they may present a unique opportunity for your school district to tap into to fund both the procurement of Chromebooks, perhaps more importantly though the security that wraps around it.

Now, I just talked about the dedicated education funding streams but the funding stream that we're seeing the most amount of activity right now was the funding stream that actually went to states and localities and that funding stream is called the Coronavirus Relief Fund. The Coronavirus Relief Fund, or CRF for short, went to communities that are greater than 500,000 in population from a community standpoint. And it went directly to states and you can see the allotments on the graphic there on the right hand side. You can see that no state across the country got less than $1.25 billion.

These are a massive funding stream and this funding stream has a variety of eligible uses but the one that I want to call out today is reimbursement for software and hardware, things to run occupancy management around distance learning, around facilitating the costs that have been incurred because of the pandemic. So while we are seeing these funds being used by cities and counties we are also seeing states, cities and counties allocate these funds to K through 12 and to higher ed. Now, these funds have a much tighter timeframe. These funds have to be used by December 30th. And that's why we're seeing so much activity around this particular fund right now is because you've got states, you've got educational entities, you've got local governments fully trying to take advantage of these funds, get through the procurement process and expend these funds by the end of this year.

Now I'm calling all of this out because I want to be real clear here. This is a transformative moment in education. It is a very challenging time in education but there is substantial funding here when it comes to securing these devices, ensuring safe remote work and distance education as well as addressing some of the challenges that we're seeing on the staff front as well. How do you secure all those staff devices that are also remote for those teachers and instructional staff that are working remotely? This is an allowable expense under both of the funds that I just talked about.

Looking at the next slide. Now I just wanted to illuminate that these funds are rolling through. Now, this is from usaspending.gov. Now, as someone who's closely following the Cares Act and what's happened to the funds in K through 12 and higher ed I'll tell you that this is unlike what we saw in 2009. Transparency in reporting is a little slower. It's moving at a state by state level and there isn't one aggregate deep level of transparency reporting yet at the federal level. But this website does a great job. Again, it's usaspending.gov and it will tell you how much each jurisdiction has received and how much money they've spent to date.

So what you can see on this graph here is some of that spending. A state like California and their department of education being that the highest spender at just over $1.6 billion. But you can see that the various states that are reporting here in some cases very early on in their spending, tremendous opportunities still left as states are still marching through the early path in school districts of beginning to expend these funds. Again, if you want to check it out usaspending.gov. You can isolate specific funding streams like the ones I'm talking about here today both K through 12, higher ed, or even that Coronavirus Relief Fund and get a sense of how those funds are flowing.

Chris Moran: So yeah, I really appreciate it Joe. Thank you for the insight there. So yeah, like I mentioned my name is Chris Moran. I'm the sales engineer for McAfee. I really appreciate Joe walking through definitely some of the challenges that we're seeing from a K through 12 and education specific going into 2020 through the educational year. What I wanted to share today is some of the trends we're seeing from a security side, why McAfee is adjusting [inaudible 00:18:21] to ensure we're a major partner for school districts and education in the United States. A new program that we're launching called McAfee Secure Schools. And then talk a little bit about security that's built into Chromebooks and some challenges that we're seeing there just like Joe had mentioned.

So, the first thing I want to do is just introduce myself real quickly. As I mentioned my name is Chris Moran, Sales Engineer here with McAfee out of Louisville, Kentucky. And so, I've been with McAfee for around four and a half years now as a cybersecurity sales engineer. Prior to working for the army I worked for the local government here in Louisville as a security analyst. And in that role I've worked very closely with the library, school districts here in Louisville to ensure that we as a local government help out as much as we could with providing places for students to again take part in education. So things like free wifi, watching educational programs for free in the libraries. Prior to working for the local government I worked for the U.S. army as a security analyst and so overall I've been working with security for 12 plus years.

So jumping ahead here, I did want to talk about some of the trends we're seeing in 2020. And so to do this, we targeted and used a report released by McAfee Labs called the Security Threats Report. That's released on a quarterly basis. What I did is I pulled out things that I thought were specifically important for us to discuss from an educational perspective especially moving into distance learning. So some of the prints that I found interesting to share are number one what we can see over the first few months of 2020 and coming out of 2019, we saw the new detections of ransomware throughout, but almost 25%. And we saw the new mobile malwares start to increase by almost 71% in that same period. And the reason why this trend is important is attackers and malware authors are smart. And as they see the decline in traditional workstation users and more transition into a mobile market where people are accessing their data mobile. Obviously the attacks shift.

And so, what we can see here in this example is in that timeframe we're starting to see a slowdown in the traditional threats we've seen in the past and it transitioned into targeting those mobile devices. This gets called out specifically in the educational vertical breakdown. And as we can see here, just in the education vertical we saw over a 1000% increase in cloud threats. And when we say cloud threats that's specifically around services that are in the cloud. And as you can imagine with these remote learning platforms obviously the usage has increased exponentially as well. And so those are things like our G suite, our Office 365. And those are the attacks that we're seeing increase on such an exponential scale.

There's a couple of reasons I believe that's happening, definitely as the usage increases we definitely will see more attacks. But additionally, in the olden days, all of our services were back behind our protected enterprise firewall. With these cloud services what we see is they are always available which is absolutely important for our students to be able to access their classroom from anywhere in the world. What that also means is these platforms are available for penetration as well anywhere in the world. So, someone doesn't have to go behind your firewall to attack a Google account, obviously they can try to log in directly from the website and crack that password. And so, with the ease of use with the students we also have created an easier attack surface for malicious actors as well.

We can also see one of the things that we saw a great increase in, in the beginning of the year is malicious emails with URL links. And so this is specifically targeting COVID-19 but we've also seen a huge increase in phishing in general. And so those are the things hey your password has expired or someone you know has tested positive for COVID-19 please click this link. And as we know with security anytime if we click the link we enter credentials that is a major source of malware being introduced into our environment or data being stolen from those devices just with the loss of credentials.

So, what are the takeaways and what does that mean to an education vertical or a school district? Obviously as we've seen, as non-traditional instruction increases so do the device counts. Especially with the funding available today, more and more school districts are opting to utilize those remote learning tools like Chromebooks. And so what that leads to is a much larger attack surface however security teams don't get that same kind of increase. So the workers that are already providing security across your environment we're probably not out hiring four or five more people to protect the additional tens of thousands of devices. So what we have to do as an organization is be better at protecting with the resources we already have.

Also with the increase of phishing in those fake URLs we have to ensure to remain vigilant both in training for our students as well as layered protection to protect those devices because they are outside of the network. And that goes to that last point here, VPNs just can't handle all the traffic. A lot of companies have went from just having a few people remote to thousands and VPNs, the concentrators that were in place do not have the capability to back haul all of that traffic for web filtering or SSL inspection, what our traditional security teams would use.

So I did want to jump into why McAfee is on this path and why we believe we are well-suited to help address some of these cyber security issues. Obviously McAfee has been in the market for over 30 years providing cyber security and protection for organizations all over the world. As you can see from the chart here, numerous awards and the leader across many different organizations. Obviously we have a footprint in over 77% of the Fortune 100 companies. And so, what this slide is meant to show is just the amount of information and protection that we're offering across the world. With that is all the telemetry data that we gather through these devices.

So, as you can see here on the slide we have over 547 million devices that we're gathering telemetry data from that allows our labs to learn and become more efficient at detecting and protecting those devices. With this experience as I mentioned, McAfee has developed a new program called McAfee Secure Schools. The whole goal around this is to build specific platforms that are built to help protect and address the needs of educational institutions.

This is just a quick snippet of what the different packages include but just from a high level what it's meant to do is provide a single source of protection for all of your devices from device to cloud. And so that includes everything from Chromebooks to Windows devices, to Linux devices whether they're on premise or remote in someone's house. Whether it's in the teacher's classroom or the student working from Starbucks or from the library. And the way that that's done is it is all delivered through a cloud platform and this allows school districts to have the agility to go from 50 to 500,000 devices with no on-premise infrastructure, no need to build out an entire server farm, because that is all delivered from the cloud. And we do also offer hosted and managed options for districts that want to take a completely hands off approach.

So we take a look at that as I mentioned really we're focusing in on zero deployment, being able to roll out this technology in minutes without having a major investment of time or administrative overhead from your security teams. We aim to give you that single posture dashboard that lets you know and have visibility into the protection and control of all those devices even if they are outside of your network.

Just as Joe mentioned one of the things that none of us could have planned for with the outbreak of COVID-19 is the vast and rapid expansion of virtual classrooms. And one of the things we saw with the expansion of these virtual classrooms is the introduction and massive growth of Chromebooks. And so, there's a lot of reasons for that. One of them is Chromebooks are obviously cheaper to acquire and maintain licensing on versus traditional Windows devices. And they're also easier to use and do provide a secure operating system where Google is taking care of those packages for you.

And so, we can see that in the shift here in 2020 or in second quarter of 2020 Google Chromebooks accounted for 25% of the notebooks shipments across the world and so that's a huge number. If we looked at this a year ago, it wouldn't have been a fraction of that. We're going to see a lot of organizations are adopting Chromebooks to rapidly deploy out and get those virtual classrooms up and running for their students.

With that just as Joe mentioned at first all of this we thought was temporary but as this has gone on longer and longer I think that everyone is starting to realize that this is actually going to be the new norm at least for a while and that Chromebooks are going to continue to increase their usage especially in education. As we've seen with the news headlines that obviously Chromebooks do have definitely a leg up on security versus their Windows counterparts but are they truly secure? And this is where we get into the question of how we deal with Chromebooks today.

Traditionally with Chromebooks the protection that we're providing is strictly just web filtering. And so that is an outgoing risk and what we do is with web filtering we prevent students from going to sites that we would consider malicious or inappropriate for school. But what we have to remember is at the basis a Chromebook is actually just an Android operating system. It operates very similar to your Android phones and so there are operating system exploits that exist and web filtering only protects you for part of the problem. And that's where we went into these devices that may be running a less than secure operating environment.

So we don't think about things like malicious applications that can be installed on the device? What wifi network is the student connected to? Is that network safe? Is there someone listening to that network? Phishing emails, Google has some built-in phishing protection but what about things outside of Google like Yahoo mail that the student may log into or mail that comes directly to their student email box? How do we protect against those links? Also applications that are risky. So, definitely because this is an Android device it does support all Android applications so social media, TikTok, things like that, that are risky to the privacy of students that school districts may want to understand what applications have access to the video camera on this device. And that's really what MVISION Mobile can provide.

So if we look at some of the things that can go wrong for what we're not protecting against obviously with bad wifi networks we can intercept data in between, loss of personal information of the student. With phishing we can see that several examples in the news today, stolen credentials used to log into accounts obviously violating the privacy and possibly even leading to a monetary loss. Malicious apps that could be installed on the device can access the microphone and camera of the device obviously leading to a privacy concern with students as well.

And then any apps that may not just be appropriate for students to have on devices provided by the school. So what does the mobile age do is let you as a cyber security professional, as a CIO, as the CSO answer this question. How are we protecting these devices from phishing? Can we detect malicious wifi networks before someone connects to them? And then what apps are on these devices and what risk are they posing to the students?

So with MVISION Mobile we provide what we call DNA, which is Device Network and Application protection. This is installed locally on the Chromebook. What we do is we protect against those exploits that live in the environment. So, an older Chromebook that may not be up to date we can provide protection against those exploits that exist. We'll be continuously monitoring network traffic for signs of attacks, notify students if they're connected to a network that has been attacked before. Or for instance, if a rogue access point is stood up to try to compromise that data. And also with the application be able to protect against malicious applications obviously would give you guys the visibility into all the applications that are installed and what are the risk level to privacy and security by having those applications on that device.

So in summary, I just wanted to share what the MVISION Mobile Secure Schools plus MVISION Mobile Advanced provides is a single console that's cloud delivered to protect all of those devices that we talked about whether it be an Android cell phone, an iOS cell phone, Chrome OS device, Windows, Mac, or Linux. We're able to protect those both on premise as well as any that are outside of the network remote learning devices all through a single console. And really the purpose of that is to give you guys or to give school districts in general the visibility and the context to be able to provide a secure platform for children to learn.

Speaker 1: Thanks for listening. If you would like more information on how Carahsoft or McAfee can protect your educational outcomes please visit www.carahsoft.com or email us at mcafee@carahsoft.com. Thanks again for listening and have a great day.