As technology continues to play an increasingly critical role in education, cyberattacks are increasingly becoming a concern. The education sector globally was often overlooked when it came to protecting its network and data largely because most people did not consider it a high-stakes target.
That kind of perception would have been forgiven pre-2020 but not now. A lot has changed since then driven by a shift and in most cases, the full adaption of online classes for most learning institutions across the globe.
Regionally, the rapid adoption of online and hybrid education has accelerated the Middle East online education market, which is expected to expand at a compound annual growth rate of 9.8 percent by 2023.
The UAE online education market is expected to grow by 10 percent over the same period driven by the government’s efforts to digitise the education space and a ballooning demand for online education and e-learning.
While such developments are welcome, they also expose schools’ unprotected networks to cyber-attacks in the form of data breaches among others.
Growing concern
With K-12 schools, universities, and vocational-technical schools relying on technology more than ever due to the pandemic, the number of cyberattacks has increased substantially.
However, securing these systems poses a significant challenge, even for skilled IT professionals.
This is particularly true when navigating different levels of access for each user community, which creates higher risks since networks must be open to employees, students, and others.
MSPs/MSSPs providing cybersecurity to schools and colleges face many challenges, including media devices that can be connected to computers such as thumb drives, external hard drives, CDs, and DVDs, as well as outdated software.
Data breaches are becoming increasingly more significant, with recovery times ranging from two to nine months, according to the Government Accountability Office. MSPs/MSSPs must contend with sophisticated foreign governments and crime syndicates, as well as lone-wolf hackers targeting employees’ and students’ medical records and other sensitive information.
Implementing tough policies
Cybercriminals use several common methods to gain access to school systems’ data, including phishing scams, ransomware attacks, distributed denial of service (DDoS), and Zoom bombing. To mitigate these risks, the Readiness and Emergency Management for Schools (REMS) advises schools and school districts to implement cyber policies, including filtering and blocking applications like firewalls, encryption, and anti-virus/anti-malware systems.
Unfortunately, K-12 schools face budget constraints, with nearly one-fifth of them investing less than one percent of their overall IT budget on cybersecurity, according to the Nationwide Cybersecurity Review (NCSR).
However, the average cost of a data breach in the US hit $9.4m (AED34.5m) in 2022, making it imperative that resources be made available to contain it, even in an environment with limited funding. In comparison, the average cost of a data breach in the UAE hit $6.53m (AED23.9m) in 2020, according to IBM’s Cost of a data breach 2022 report.
MSPs must, therefore, lead the way in creating more robust and sustainable cyber defences to protect these institutions. Infrastructure is a prominent concern for IT teams and administrators due to the number of devices and diversity in operating systems. Universities, in particular, have huge networks that make them vulnerable to cyberattacks. In many cases, educational institutions have more to protect than just academic records.
Best practice
To mitigate these risks, MSPs must implement best practices for the safety and privacy of their clients. Limiting which employees can access sensitive data is a good start. However, modernising network security with backup systems and integrated protection is critical for cyber hygiene.
The education sector in the UAE should take critical steps to safeguard learning institutions from attacks that could cripple the industry.
Some of these steps include the adoption of multiple approaches designed to cyber protect e-Learning, such as increasing awareness through training teachers and students, deploying firewalls and intrusion detection systems to protect schools’ networks, conducting random vulnerability assessments and penetration tests to expose any unwanted loopholes, and developing a comprehensive incident response plan.
As technology continues to evolve not to mention driving the growth of the education sector globally, key players in the industry need to put in place solid and stringent measures that will ensure that learning institutions effectively keep cyberattacks at bay.
With most institutions now relying on technology more than ever, the number of cyberattacks is bound to increase substantially if robust cyber protection strategies are implemented.