The education system today is not limited to the four walls of a classroom. With the freedom to connect from anywhere and the wide adoption of hybrid learning, teachers and students can collaborate, participate and access learning content without being in the same space.
One trend identified by the Horizon Report is that the new learning models and digital learning solutions for higher ed will continue. These models have gradually replaced the emergency plans that were put in place at the start of the pandemic and will be accompanied by recently developed, reliable hybrid and online education.
Giving students flexibility in learning via any device increases the probability of cyber-attacks. These versatile learning practices are a major reason for the education sector to be the most affected industry by malware threats like Adware, Codecov, and Kaseya. 2022 US data suggests that the education sector has seen an increase in monthly cyberattack volume since 2021. Microsoft Security Intelligence reports that 80.46% of devices in the education industry have come across malware threats in the last 30 days.
It is no secret that higher education institutions, particularly those with significant academic research and development activities are an easy target for cybercrimes. Education boards should be taking proactive steps to strengthen their cybersecurity infrastructure and educate everyone about the risk that cyberattacks pose to institutions’
A Soft Target for Cybercriminals
The cyber risks faced by higher education institutions are a product of the COVID-19 era. It forced them to create digital infrastructures that could ensure continuity of learning amidst the new normal.
Though it was a necessary move, it also created new opportunities for cybercriminals to leverage malicious tactics to get data, from sophisticated phishing operations to simple malware tricks. So far in 2022, 27 districts with 1,735 schools have been hit with ransomware attacks in the US.
An EDUCAUSE report found that the education sector experienced over six times more malware attacks than the business and professional services sector. While higher education institutions are working diligently to improve their cyber security infrastructures, here are a few reasons for Higher Education Institutions to be easy cyber attack targets:
- Easily accessible research data
- Personal and medical students records
- Open information sharing
- Collaborative Technological Environments
How Can Higher Ed Institutions Improve their Cybersecurity Systems?
The most important factor that will help overcome cybersecurity threats is accelerating the speed with which institutions assess their vulnerabilities, developing strong security policies, and strictly implementing them. In addition to approaching cyber security issues with urgency, HE institutions should also enhance their internal protocols by
1. Adopting a zero-trust security model
A zero-trust security framework makes information inaccessible and once access is requested, there’s a check to make sure that the right individual or system should be getting access. It also provides an in-depth defense to all parts of the network.
2. Implementing MFAs and DNS Security
Domain Name System (DNS) protection can help prevent users from surfing websites that can become easy paths for cyber criminals to get information or attack the system. Similarly, Muti-Factor Authentication(MFA) layer on another verification method to ensure that the right accounts are logged into the system.
3. Manage easily through cloud security
Cloud Security provides multiple levels of protection within the network against data breaches, unauthorized access, and malware attacks making operations run faster and easier to manage. Also meeting compliance, and maintaining data integrity and confidentiality.
4. Regular training, awareness campaigns, and tabletop simulations
The staff and students of every institution should be given regular training such as tabletop simulations where students are given hands-on training about security issues, and how they can save their data, and highlight the same to authorities.
5. Conduct frequent vulnerability assessments of third-party vendors
A third-party cyber risk assessment is essential as it can be a source of possible data breaches to your network. These assessments provide an in-depth review of the security of the vendor’s product and services that can meet laid down standards and procedures.
Loss of Opportunities and Safety at Risk
The consequence of a cyber attack through online learning solutions can destroy the reputation and finances of an individual or a university. The most common type of attack is phishing. Intruders receive personal information mainly through e-mail then the victim or institute can be blackmailed with it which can lead to the theft of finances or ransom deals to return stolen data.
The recent ransomware attack on Sierra College is the second one since last year. It took more than 2 weeks for the institute to clean up the damage the first time and have its systems running again leading to a halt in proper learning till the issue could be resolved completely.
The public image of institutions is also at risk as it can further not attract new talent. Not only data breaches or network outages, but an even greater threat is also the safety of students as institutions’ information library stores a lot of personal information including social security numbers or bank records. If such data is lost or stolen from online learning solutions, the level of damage is immeasurable as it can have a direct impact on a student’s life.
Remote learning apps have also been under the radar for collecting student information and sharing it with third parties. Zoom, the video conferencing app was under major fire for the same. Some apps also gained access to students’ digital contacts and cameras and recorded the movements of students answering questions even before they click submit. Research has found that nearly 90% of education apps and websites’ information is easily available to ad technology companies which can further be hacked and exposed online.
The Human Rights Watch conducted a technical analysis on EdTech products, out of the 163 EdTech products reviewed, 145 (89 percent) appeared to engage in data practices that put children’s rights at risk, contributed to undermining them, or actively infringed on these rights. COPPA prohibits the use of personal information about children without parental consent. But companies find ways to dodge that by having schools consent on behalf of parents or by disingenuously claiming that their products should not be used by children under 13.
Cyberattacks continue to pose a threat to student learning and development. So, how can we improve digital learning? The adoption of tighter security protocols through the help of eLearning solutions providers who are well-versed with the guidelines and compliance of cybersecurity can help institutions counter immediate cyber threats and build secure products and systems. Balancing the need for increased cybersecurity with greater educational freedom is no easy task. It is, however, a necessary goal.