Indian education sector top target of cyber threats, remote learning among top triggers: report

New Delhi (PTI): India is the top target for cyber threats against educational institutions and online platforms, followed by the US, UK, Indonesia and Brazil, according to a report.

The report also indicates that the adoption of distance learning during the COVID-19 pandemic, the digitization of education and the prevalence of online learning platforms are key triggers that have widened the attack surface. .

The report, titled “Cyber ​​Threats Targeting the Global Education Sector”, also claimed that data shows a 20% increase in cyber threats against the global education sector in the first three months of 2022 compared to the corresponding period of 2021.

The report was compiled by the Threat Research and Information Analytics division of CloudSEK, an AI-based digital risk management firm based in Singapore.

CloudSEK’s XVigil platform scours thousands of sources (on the shallow, deep, and dark web) to detect cyber threats, data leaks, brand threats, and identity theft.

“Of the threats detected in Asia and the Pacific last year, 58% targeted educational institutions and an online platform based in India or India. Indonesia was far behind, being the 10% target of cyber threats. IIM Kojhikode and Tamil Nadu Technical Education Authority,” the report said.

“Overall, the United States was the second most affected country in the world with a total of 19 incidents recorded, representing 86% of threats in North America. These include ransomware attacks against prestigious institutions such as Howard University and the University of California. Additionally, high-risk API vulnerabilities have been discovered in Coursera, the massive open online course provider,” he added.

According to Darshit Ashara, Principal Threat Researcher at CloudSEK, the growing global education and training market, both online and offline, is expected to reach $7.3 trillion by 2025.

“These promising prospects are underpinned by the expanding market for edtech, population growth and increasing digital penetration in developing countries. It is therefore not surprising that cybercriminals are turning to entities and sector institutions,” he said.

Adoption of distance learning by schools, universities and related entities to combat disruption caused by the ongoing COVID-19 pandemic; the large-scale digitization of educational materials, student data and documents, and online learning platforms catering to the needs of everyone from preschoolers to retired professionals are among the reasons listed in the report, behind this trend.

The report’s findings indicate that several cybercriminals are actively disclosing databases, accesses, vulnerabilities and exploits, as well as other information belonging to educational institutions, on cybercrime forums.

“Databases and access are the most sought-after types of data. Databases disclosed by educational institutions primarily contain personally identifiable information (PII) of students and their families, including name, date of birth, email address, phone number, and physical address; records and credentials of website users, and exam results and scores,” a- he declared.

Experts asserted in the report that given the size and impact of the education sector, it is essential that institutions, students, parents, teachers and government ensure that the information collected and stored are not disclosed and exploited by cybercriminals.

Educate users about cyberattacks, online scams and phishing campaigns; adopt strong password policies and enable multi-factor authentication (MFA); regularly update and correct software, systems and networks; maintain multiple backups, both online and offline, in separate, secure locations; monitoring for unusual traffic and activity logs to websites and other applications is among the recommendations made in the report.

“Institutions should block illegitimate IP addresses and disable port forwarding using network firewalls. They should perform real-time Internet monitoring to identify and mitigate short-term threats, such as applications misconfigured data, exposed data, and leaked access, which are exploited by cybercriminals to carry out large-scale attacks.

“Students, parents, faculty and staff should avoid clicking on suspicious emails, messages and links; do not download or install unverified applications; use strong passwords and enable authentication multifactor (MFA) across all accounts,” the report added.

Let the Truth be known. If you read VB and love VB, be a VB supporter and help us bring the truth to everyone.

Helen D. Jessen