The year 2020 is certainly a year of change. The pandemic changed every aspect of our lives, keeping people more connected than ever virtually. From work from home to study from home, all the regular activities took a sudden shift towards the digital revolution. Like the health care sector, the education sector also encountered greater challenges while connecting with the students via digital classrooms.
Cyberattacks Rise with E-Learning
As educational institutions and students switched to e-learning options via online portals and applications, opportunistic cybercriminals paved a way to exploit the pandemic to their advantage. Various security incidents were reported in which threat actors targeted e-learning portals with various kinds of phishing attacks, fake domains, and other malicious activities to steal users’ personal information.
By Rudra Srinivas, Senior Feature Writer, CISO MAG
A survey from Kaspersky revealed a surge in distributed denial-of-service (DDoS) attacks on online educational services in 2020, compared to 2019. The total number of DDoS attacks increased by 80% in the Q1 of 2020, compared to Q1 2019. Between January and June 2020, the number of DDoS attacks affecting educational services increased by 350%, with the largest rise reported in January 2020, by 550%.
Cybersecurity in Online Learning
Not only schools and colleges, but employers also relied on e-learning platforms to educate their employees on various security topics. Online learning portals share similar features and challenges as other internet-based services, requiring the sharing and distribution of users’ data.
E-learning platforms usually become victims to cyberattacks or any other security incidents when:
- Cybercriminals deliberately launch malware or DDoS attacks
- Users fail to patch vulnerabilities, coding problems, or unknown security loopholes
- Employees or students inadvertently click on malicious links or phishing pages
- Hackers deliberate acts like cyberespionage campaigns or unauthorized intrusion
Hence, organizations providing e-learning services should emphasize more on enhancing security risk management and users’ data privacy. They must provide a secure learning environment by analyzing the potential risks from various threats and vulnerabilities.
Mitigating Cyberattacks on E-Learning Platforms
1. Be Cyber aware
It is essential to be aware of the everyday cyber environment. Multiple incidents were reported where teachers were not able to recognize signs of potential phishing emails or links. Educational institutions need to proactively update their teaching staff on basic online safety and security measures, including information on ‘how to detect phishing emails,’ so that they can share the same with their students. This would help control human error because threat actors use social engineering techniques to exploit human psychology.
2. Formulate a Disaster Recovery Plan
CISOs and security leaders need to be prepared to act immediately in a crisis such as ransomware, DDoS, or brute-force attack – to avert a data breach. Robust incident response and disaster recovery plan will help educational institutions to mitigate, recover from the situation and find out the root cause of the issue as well.
E-learning is here to stay. It is high time institutions consider additional security measures to protect students and staff from evolving cyberthreats. While most educational institutions primarily focus on in-person training related to administrative systems, implementing security measures for e-learning will be a good start towards secure virtual learning.
About the Author
Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
Read More from the author.