Cyberattacks target e-learning

Saturday 7th November, 2020

Article Details
  • View Image
  • View PDF

Cyberattacks target e-learning Abhiit Ahaskar & PrasidBaneriee NEW DELHI Mumbai's Institute of Open and Distance Learning had tocall of exams after its Server was hit by a cyberattack. In June, students of Manipal Academy of Higher Education (MAHE) alleged that the institute's online exam software was infected with malware and crashed their systems. MAHE had refuted the claims. With thousands of schools and colleges shifting to remote admissions, learning and exams after covid-19, the chinks in cybersecurity are beginning to show. Cybersecurity firm Barracuda Networks, for instance, | n August, University of Cybersecurity is not a priority for most schools/colleges. HT found over 1,000 spear-phishing attacks targeting educational institutions in India between July and September. Spear-phishing refers to targeted phishing email attacks. "Lack of awareness, tight budget and limited resources make schools easy targets for cyberattacks and unfortunately, make attacks more effective," said Murali Urs, country manager, India, of Barracuda Networks. Educationalinstitutionsare prime targets for cyberattacks, given the wealth of data hosted in their servers. Online education is a fairly new concept in India, and cybersecurity is not yet a priority for most educational institutions. Security researcher Karan Saini said that personal data stolen from schools is frequently sold on the Internet and the dark web. Additionally, compromising a .edu domain, which is what most educational institutes use, TURN TO PAGE 13 Cyberattacks mar e-learning FROM PAGE 16 allows criminals to make their attacks more potent. In fact, Barracuda Networks' findings showed that 57% of infectious emails sent to institutions were from internal accounts. Saini said phishing emails sent from a .edu domain are more likely to clear spam filters on email services. A hacked server could yield thousands of email addresses ending with .edu. "When it comes to in-campus infrastructure, which includes its educational technology like smart classes, school-level ERP and attendance automation, the security standards arem't as competent as enterprises," said Vinayak Godse, vice president, Data Security Council of India , an industry body on data protection set up by Nasscom. Godse said cybercriminals can steal personal information of staff, students and parents, Cyberattacks can put the data of students and staff at risk. demand ransom and at times harm the reputation of institutions. Also, premier academic research institutions can potentially be targeted for research intelligence and intellectual property. However, cyber awareness is growing. Siddhartha Gupta, CEO of Mercer Mettl, an e-learning solutions provider, said clients are more cautious about the platforms they use. "Customers (institutes) are concerned about the security of students data with the platforms. They enquire where the data is stored, parties having data accessibility, annual data sensitization/audit and whether or not we have in-house certified data security professionals," he said. Educational institutions, on their part, are also taking steps to improve security. For instance, BML Munijal University is working on developing additional layers of defence around all end-users, including teachers, administration staff, management and students. "With the adoption of the new normal, we have discovered new attack surfacesin the organization, which requires additional layers of security around the information assets, users, network and infrastructure," said Sarabjot Singh Anand, director, computer science & engineering at BML Munjal University.