Cybersecurity vs. cyber intelligence in schools: What’s the difference? 

Today’s K-12 schools are faced with an ever-changing cyber threat landscape. Ransomware, phishing, and malware are just a few of the threats schools are exposed to every day. And as more students connect to school data and networks through their personal devices in addition to school-provided technology, those threats may only continue to increase. 

As a result, school IT teams are making cybersecurity a top priority. But what about cyber intelligence? And what is the difference between the two terms?    

Cybersecurity 

To paraphrase the Cybersecurity & Infrastructure Security Agency’s (CISA) definition, cybersecurity is the measures taken to protect school networks, devices, and data against unauthorized access or criminal use. A school’s cybersecurity program includes any cybersecurity technology, personnel, processes, and policies that are in place to defend against and remediate cyber attacks and other threats. 

Cybersecurity can refer to protection against attacks by external actors, such as cyber criminals. It can also refer to protecting against human error and proactive threats from internal users, such as students and teachers. 

Common cybersecurity measures in schools include: 

• Cybersecurity plans 
• Cybersecurity and digital citizenship education 
• Firewalls 
• Cloud-based web filtering 
• Threat detection and response software  
• Keystroke alerting 
• Endpoint monitoring and protection 
• Screen monitoring and web limiting 

Cyber intelligence 

Cyber intelligence is a subset of cybersecurity, referring to the collection and analysis of threat data with the aim of understanding the current mentality and strategies of cyber criminals.  

Cyber intelligence is typically managed by a trained cyber intelligence analyst whose job it is to piece together a holistic view of trends in the cyber threat landscape in order to predict and protect against future threats. 

Typically, they do this by analyzing security incident data from across a variety of threat intelligence sources to study attack patterns, methodology, motive, and severity.  

There are three key areas of cyber intelligence that should be core to school systems using significant technology: 

• Strategic – Relevant to policymakers in businesses or governments. For example, details about a newly identified hacker team including their trends and tactics would be considered strategic cyber intelligence because it can be used to assess and limit an organization or territory’s risk. 
• Operational – Used by hands-on IT professionals to understand and defend against criminals’ current tactics, techniques, and procedures. Operational threat intelligence will outline the tools being used to compromise networks and data. 
• Tactical – Used by IT teams as a blocklist, e.g. for importing into web filters. These feeds are updated continuously and typically require automated importation to be useful for security purposes. 

Cyber intelligence analysts can subscribe to intelligence feeds based on which of these key areas are most applicable to them. There are a variety of threat intelligence feeds analysts can leverage. 

Cyber Intelligence in schools 

While not all schools have the budget to hire a full-time cyber intelligence officer, may be worthwhile to have an IT staff member or members that are trained to know how to monitor threat feeds and adjust cyber strategies accordingly, especially for school-based technology. 

There are a variety of higher ed degrees in cyber intelligence at universities all over the country. But if considering a shorter-term training program, here are a few courses to consider: 

• SANS Cyber Threat Intelligence Online Course 
• NICCS Certified Cyber Intelligence Professional Self-Paced Online Course 
• Mandiant Academy Cyber Intelligence Foundations On-Demand Training 

Deploying an AI-driven web filter like Lenovo NetFilter can also be a great way to remove the burden of tactical cyber intelligence and, to some extent, operational as well. Lenovo NetFilter is tuned to not only automatically import threat feeds to create blocklists, but also to understand and predict threats so it can catch even zero-day threats. 

Cybersecurity in schools has never been a more monumental – or more important – task. Staying on top of the latest threats requires a balanced mix of technology, personnel, and strategy. But staying ahead of those threats requires cyber intelligence.