• Indian education sector biggest target of cyber threats: Report


    Moreover, the report also stated that the use of remote learning during the Covid-19 pandemic, digitalisation of education, and the importance of online learning platforms are all major triggers that widened the attack surface.

    Digital Desk: India is the biggest target of cyber threats to educational institutions and online platforms, followed by the United States, the United Kingdom, Indonesia, and Brazil.

    Moreover, the report also stated that the use of remote learning during the Covid-19 pandemic, digitalisation of education, and the importance of online learning platforms are all major triggers that widened the attack surface.

    The report tittled "Cyber Threats Targeting the Global Education Sector" points out a 20% rise in cyber threats to the global education sector in the first three months of 2022 compared to the same period in 2021.

    The report is also compiled by the Threat Research and Information Analytics Division of CloudSEK, a Singapore-based AI-driven Digital Risk Management Enterprise.

    Thousands of sources (on the surface, deep, and black web) are scoured by CloudSEK's XVigil platform to detect cyber risks, data leaks, brand threats, and identity thefts.

    "Last year, 58 per cent of the threats reported in Asia and Pacific were targeted against Indian or India-based educational institutions and internet platforms. Indonesia came in second place, with 10% of cyber threats. The attacks included BYJU's, IIM Kojhikode, and Tamil Nadu's Directorate of Technical Education, according to the report.

    "Overall, the United States was the second most hit country globally, with 19 occurrences recorded, accounting for 86% of the threats in North America. Ransomware assaults on major universities like Howard University and the University of California are among them. In addition, high-risk API flaws in Coursera, the huge open online course provider, were discovered," it said.


    The global education and training market, both online and offline, is estimated to reach USD 7.3 trillion by 2025, according to Darshit Ashara, the Principal Threat Researcher at CloudSEK.

    "The expanding education technology market, population growth, and increased digital penetration in developing countries contribute to this optimistic picture.  As a result, it's no surprise that fraudsters are targeting entities and institutions in the industry," he added.

    Remote learning adoption by schools, universities, and related entities to combat the disruption caused by the ongoing Covid-19 pandemic; large-scale digitisation of educational content material, student data, and documents; and online learning platforms catering to the needs of everyone from preschool children to retired professionals are among the reasons cited in the report as driving the trend.

    Several cybercriminals are aggressively leaking databases, accesses, vulnerabilities and exploits, and other information belonging to educational institutions on cybercrime forums, the report's findings indicate.    

    "The most typically requested data kinds are databases and accesses. The databases leaked from educational institutions primarily contain Personally Identifiable Information (PII) of students and their families, such as name, date of birth, email address, phone number, physical address; website user records and credentials; and examination results and scores," the report said. 

    Given the scale and significance of the education sector, the experts claimed in the research that it is vital for institutions, students, parents, teachers, and the government to guarantee that the information obtained and kept is not leaked and exploited by cybercriminals.

    Educating consumers about cyber-attacks, online frauds, and phishing attempts; putting in place robust password regulations and enabling multi-factor authentication (MFA); Regularly updating and patching software, systems, and networks; maintaining several backups in distinct and safe locations, both online and offline; are among the several suggestions made in the report including monitoring logs for anomalous traffic and activity on websites and other applications.

    "Using network firewalls, the institutions should block bogus IP addresses and disable port forwarding. They should monitor the internet in real-time to discover and neutralise low-hanging dangers like misconfigured programmes, unsecured data, and leaked credentials, which cybercriminals use to launch large-scale attacks," the report suggested. 

    "Students, parents, educators, and staff should avoid clicking on strange emails, messages, or links, should not download or install unapproved apps, should use strong passwords, and enable multi-factor authentication (MFA) across accounts," the report added. 


    Weather Forecast