Why higher education should care about cybersecurity

Higher education institutions worldwide have increasingly been the target of cyberattacks in the last two years, posing a substantial threat to learning standards and scientific data preservation. High-profile attacks on institutions in recent years have put the education industry on high alert.

In February this year, the Gems group of schools in the UAE alerted parents of enrolled students about a cyberattack on the group’s website. Fortunately, thanks to their robust business continuity plans, impact on their operations was minimal, but many educational institutions aren’t quite so lucky.

Cyberattackers are taking advantage of the high volume of online communications that pass between students, professors, university staff, and other on-campus visitors by employing social engineering techniques such as phishing emails, which are designed to persuade users to share sensitive information such as log-in credentials in order to breach university networks and steal data. They sometimes also use ransomware, a sort of virus that gains access to a device or corporate network and threatens to reveal the victim’s or organisation’s confidential data unless a ransom is paid. To help the country protect against these threats, the UAE has invested heavily in tightening its cybersecurity infrastructure to protect the integrity of its systems, even as the country pursues its digital economy ambitions.

Vulnerabilities of the remote learning era
For the first time, remote learning has become commonplace as a result of the pandemic. With rare exceptions, students, teachers, and administrative staff congregated on campus on a daily basis prior to the health crisis. However, the abrupt shift to regular remote or hybrid learning has resulted in an increase in cyber dangers. Thousands of students are connected remotely from personal appliances and home wi-fi networks, and an unaccountable number of endpoint devices, such as PCs or cellphones connected to a network, are scattered around the country at every university. This decentralised IT infrastructure can expose security flaws, giving attackers fresh opportunities to infiltrate.

As a result, a wave of cybercrime is hitting educational institutions and criminals are developing sophisticated digital attacks to steal intellectual property. Higher education institutions must thus employ cyber fundamentals to establish cybersecurity policies that secure learning environments and ensure that their intellectual assets are effectively protected — but there are some substantial challenges to overcome in doing so.

Technology challenges associated with remote learning
Universities may not have comprehensive visibility over all of their assets due to the nature of new decentralised IT infrastructure, and as a result, will be unaware of any devices linked to their network that may be vulnerable. Due to this lack of visibility, educational institutions frequently struggle to implement software patches and discover malfunctioning equipment in a timely manner, making IT risk reduction challenging. These organisations are unlikely to be able to respond quickly enough to avert harm if they are attacked — a circumstance that might simply be prevented by deploying complete endpoint protection. By deploying these tools, data can be automatically collected across all endpoints – allowing for laptops to create solution policies and for software updates and patches to be installed as soon as they’re needed. However, technology issues aren’t the only thing preventing institutions from progressing.

The skills challenge
At the same time, due to a shortage of funds and resources, higher education institutions are struggling to retain qualified IT expertise. Better conditions, such as increased compensation and perks, are regularly offered to IT experts in private organisations, luring the finest personnel to leave. As a result, university IT departments are frequently underfunded, overworked, and underqualified. Consequently, educational institutions struggle to manage complex IT ecosystems and require the additional assistance that endpoint visibility products can provide in order to strengthen their overall cybersecurity posture.

Best practices
Cyberattacks continue to pose a threat to learning and the security of intellectual property, while distance learning has introduced new technological hurdles and threats. As a result, educational institutions must develop strong control and security management methods.

To conclude, a university’s security policy should be laser-focused on safeguarding two of its most critical areas: student learning and research data. Strong endpoint management methods are required to achieve cyber hygiene — a set of practices for guaranteeing control of important data and securing networks. In doing so, universities will be better positioned to prevent cyber assaults for the rest of 2022 and beyond.

Oliver Cronk is the chief architect – EMEA at Tanium

Read: Dubai’s GEMS Education confirms being target of cyberattack