Indian education sector biggest target of cyber threats: Report

The findings indicate that several cyber criminals are actively leaking databases, accesses and other information belonging to educational institutions.

Online classes (Representative image)

Press Trust of India | May 1, 2022 | 04:38 PM IST

New Delhi: India is the biggest target of cyber threats to educational institutions and online platforms followed by the USA, the UK, Indonesia and Brazil, according to a report. The report also says that the adoption of remote learning during the COVID-19 pandemic, digitisation of education, and prevalence of online learning platforms are key triggers that enlarged the attack surface.

Also read | Academicians back Goa minister's appeal to check use of smartphones by students

The report, titled "Cyber Threats Targeting the Global Education Sector", also claimed that data shows a 20 per cent increase in cyber threats to the global education sector in the first three months of 2022 when compared to the corresponding period of 2021.

The report has been compiled by the Threat Research and Information Anayltics Division of CloudSEK, a Singapore-based AI-driven Digital Risk Management Enterprise. CloudSEK's XVigil platform scours thousands of sources (across the surface, deep and dark web) to detect cyber threats, data leaks, brand threats and identity thefts.

Also read | UP Govt's agenda is not to change form of madrasa education but to make it better: Minister

"Of the threats detected in Asia and Pacific last year, 58 per cent of them were targeted at Indian or India based educational institutions and online platform. Indonesia was distant second being the target of 10 per cent cyber threats. This included attacks on BYJU's, IIM Kojhikode and Tamil Nadu's Directorate of Technical Education," the report said.

"Overall, the USA was the second most affected country across the globe with a total of 19 recorded incidents, accounting for 86 per cent of the threats in North America. these include ransomware attacks on prestigious institutions such as Howard University and University of California.

Also read | PSEB bans three Class 12 books for distorting facts related to Sikh history

In addition, high-risk API vulnaribilities were uncovered in Coursera, the massive open online course provider," it added. According to Darshit Ashara, Principal Threat Researcher at CloudSEK, the growing global education and training market both online and offline, is expected to reach USD 7.3 trillion by 2025.

"This promising outlook is predicated on the expanding education technology market, population growth and increasing digital penetration in developing countries. Hence, it’s no surprise that cybercriminals are gravitating towards entities and institutions in the sector," he said.

Online learning among key triggers

Adoption of remote learning by schools, universities and related entities to combat the disruption caused by the ongoing COVID-19 pandemic; large-scale digitisation of educational content material, student data and documents and online learning platforms catering to the needs of everybody ranging from preschool children to retired professionals are among the reasons listed in the report, behind the trend.

The report findings indicate that several cybercriminals are actively leaking databases, accesses, vulnerabilities and exploits, and other information belonging to educational institutions, on cybercrime forums.

Also read | Vice President Venkaiah Naidu pitches for early education of children in mother tongue

"Databases and accesses are the most commonly sought after data types. The databases leaked from educational institutions primarily contain information Personally Identifiable Information (PII) of students and their families, including name, date of birth, email address, phone number, and physical address; website user records and credentials and examination results and scores," it said.

The experts have asserted in the report that given the size and impact of the education sector, it is critical for institutions, students, parents, teachers, and the government to ensure that the information gathered and stored is not leaked and exploited by cybercriminals.

Also read | 'NEP 2020, a critical appraisal': AIDSO begins campaign to collect 1 crore signatures against NEP

Creating awareness among users regarding cyber-attacks, online scams, and phishing campaigns; enacting strong password policies and enable multi-factor authentication (MFA); updating and patching software, systems, and networks on a regular basis; maintaining multiple backups, both online and offline, in separate and secure locations; monitoring logs for unusual traffic and activity to websites and other applications are among the recommendations made in the report.

"The institutions should block illegitimate IP addresses and deactivate port forwarding using network firewalls. They should perform real-time monitoring of the internet to identify and mitigate low-hanging threats, such as misconfigured apps, exposed data, and leaked accesses, that are leveraged by cybercriminals to carry out large scale attacks.

"The students, parents, faculty, and staff should avoid clicking on suspicious emails, messages and links; not download or install unverified apps; use strong passwords and enable multi-factor authentication (MFA) across accounts," the report added.

Follow us for the latest education news on colleges and universities, admission, courses, exams, research, education policies, study abroad and more..

To get in touch, write to us at news@careers360.com.