24th April 2021, Kathmandu
E-learning or electronic learning, Is the delivery of learning and training through digital resources or devices such as computers, tablets, and even cellular phones that are connected to the internet anytime and anywhere with few, if any, restrictions.
Elliott Maisie coined the term “eLearning” in 1999, marking the first time the phrase was used professionally. Though the strength of e-learning is only growing each year, the year 2020(a year of change) took a sudden shift towards the digital revolution including work from home to study from home and all the regular activities.
As educational institutions and students switched to e-learning options via online portals and applications, many opportunistic cybercriminals have paved a way to exploit the pandemic to their advantage. Various security incidents were reported where threat actors targeted e-learning portals with various kinds of phishing attacks, fake domains, and other malicious activities to steal user’s personal information. Not only schools and colleges, but employers also relied on e-learning platforms to educate their employees on various security topics.
A survey from Kaspersky revealed a surge in distributed denial-of-service (DDoS) attacks increased by 80% on online educational services in 2020, compared to 2019. Between January and June 2020, the number of DDoS attacks affecting educational services increased by 350%, with the largest rise reported in January 2020, by 550%.
E-learning platforms usually become victims to cyberattacks or any other security incidents when:
- Cybercriminals deliberately launch malware or DDoS attacks
- Users fail to patch vulnerabilities, coding problems, or unknown security loopholes
- Employees or students inadvertently click on malicious links or phishing pages
- Hackers deliberate acts like cyberespionage campaigns or unauthorized intrusion
Hence, organizations providing e-learning services should emphasize more on enhancing security risk management and users’ data privacy. They must provide a secure learning environment by analyzing the potential risks from various threats and vulnerabilities.
In the recent past, hackers targeted multiple e-learning portals to steal users’ personal information. India-based online learning platform Unacademy also suffered a data breach that exposed details of 22 million users. Cybersecurity firm Cybele revealed that the unknown hackers kept 21,909,707 user records for sale at $2,000 on darknet forums. The compromised information included usernames, hashed passwords, date of joining, last login date, account status, email addresses, first and last names, and other account profile details. Earlier, a Spanish e-Learning platform 8Belts suffered a data breach that exposed the personal data of over 100,000 e-learners across the globe
Mitigating Cyberattacks on E-Learning Platforms
It is essential to be aware of the everyday cyber environment. Multiple incidents were reported where teachers were not able to recognize signs of potential phishing emails or links. Educational institutions need to proactively update their teaching staff on basic online safety and security measures, including information on ‘how to detect phishing emails,’ so that they can share the same with their students. This would help control human error because threat actors use social engineering techniques to exploit human psychology.
CISOs and security leaders need to be prepared to act immediately in a crisis such as ransomware, DDoS, or brute-force attack – to avert a data breach. A robust incident response and disaster recovery plan will help educational institutions to mitigate, recover from the situation and find out the root cause of the issue as well.
E-learning is here to stay. It is high time institutions consider additional security measures to protect students and staff from evolving cyber threats. While most educational institutions primarily focus on in-person training related to administrative systems, implementing security measures for e-learning will be a good start towards secure virtual learning.