28th June 2021, Kathmandu
In 2020, almost 51% of business establishments were drastically impacted by ransomware. Even the educational sector is receiving threats.
While companies accelerate towards their digital transformation, Cybersecurity also moves towards risks. In addition, schools are also being digitized. Teachers and students also shift from classroom to virtual teaching techniques. This is the Covid-19 crisis. Cybercriminals exploit security vulnerabilities in distance learning and virtual teaching by planning to launch ransomware attacks against education institutions.
Recent research shows ransomware impacted 51% of businesses in 2020. Whereas, by the end of 2021 a ransomware attack will take place every 11 seconds according to Cybersecurity Ventures.
Due to the sudden transition from an offline learning model to online learning, the education sector has been one of the top targets for malicious attackers. Online learning tends to be the best solution for pandemics. It’s all possible due to technological innovations.
However, many institutes still do not have the necessary infrastructure or resources to switch overnight. With the adoption of technology, they overlooked many significant aspects of ensuring protection from threats. The use of digital tools such as Zoom, Google Classroom, etc., endangered the education institutions’ network to greater vulnerability.
In fact, malicious elements seek an opportunity to exploit security loopholes. They await the chance to launch their malware into the system. This exploitation causes disruption of virtual learning and ransomware attacks against educational institutions around the world.
Microsoft Office 365 cloud
Most businesses switched their remote working into cloud environments. Even the education sector uses cloud environments to facilitate home learning. The common process includes attackers hack systems and steal data to hold an organization to ransom.
Some applications that are prone to attacks are Microsoft Office 365 – Outlook, OneDrive, Teams, and Satchel One. It means cloud-based data storage can also be attacked.
There’s much more chance that a child accessing the web on their school tablet or laptop at home may hit suspicious links. It’s more likely that a child can be lured or they can accidentally click a malicious link. The chances are quite high.
In such a case, attackers can get connected and synced to OneDrive in the school’s Office 365 account. They can easily encrypt the school’s files and data saved in the Microsoft cloud.
Misconceptions about protection by Microsoft secure their Office 365 cloud is unreal. They provide all security necessities to ensure the safety of their Office 365 environment. However, Microsoft offers limited features to restore deleted files.
Furthermore, Microsoft instructs users to backup and protects their data by leveraging a third-party solution.
Protecting schools against potential ransomware threats
The direct connection is a bad idea since the loophole of e-learning lies in its SaaS-driven model and cloud-secured application. You can use a browser-only connection that has no connection to the school or university environment. Some methods:
- Back up your data: It’s necessary to assume the worst and save your data before anything bad happens.
- Implement a strong identity: Start treating identity as a key element for protecting their perimeter rather than depending upon firewall and VPNs.
- Consider automation: It helps to detect and prevent cyber threats. It will be easier for IT teams to stay ahead and save time.
- Scan and wipe: Encourage IT teams, to use software to scan for personally identifiable information. Ensure the sensitive data is in the most secure place. Consider using tools that can identify misconfigurations and vulnerabilities. Remote wipe to ensure the data stolen is not still out there.
- Have the basics covered: Configure systems and devices properly to prevent harm. It prevents unauthorized users or attackers from accessing that information.
