OVER the past two and a half years, the education sector has had to adapt to changes resulting from the global pandemic, just like the workplace and other economic sectors.
This includes using distance or remote learning tools and video-conferencing services such as Microsoft Teams and Zoom, in order to continue teaching students.
What people may not realise is that these new digital tools actually complicate the cybersecurity profiles of educational institutions, which were already heavily burdened by other factors long before Covid-19.
Private colleges, universities and other educational institutions are often targeted for financial gain, with Ivy League universities in the US having endowments in the billions or even tens of billions of USD, for instance.
Educational institutions also hold a tremendous amount of data on their students and staff, making them ripe targets for identity theft, with each complete identity ('fullz') going for USD265 (RM1,165) in 2018.
To make matters worse, academic institutions that conduct research and development (R&D) are also targeted for their valuable research findings and other intellectual property.
For example, universities in the UK have been hit with hacking attacks for Covid-19-related research.
Unlike the workplace, schools and universities cannot always afford to issue properly-secured endpoint devices such as laptops, tablets and smartphones to all staff and students, so academic intranets are often faced with having to grant access to all sorts of non-curated and unsecured devices.
It is also more difficult to create and maintain the appropriate levels of cybersecurity consciousness when such institutions have a fresh intake every year or more.
As a result, educational institutions are amongst the most heavily-targeted industry sectors. The education industry had the most devices that have encountered malware, according to Microsoft Security Intelligence.
Distributed Denial of Service (DDoS), as well as ransomware, are just two of the more commonly used types of attacks, with the average ransom payment in 2021 being USD112,435 (RM494,432), while the total cost of such an attack was USD2.73 million (RM12 million) – "the highest across all sectors surveyed", according to a Sophos report.
Aside from raising cybersecurity awareness and providing proactive training on best practices, what else should educational institutions do to improve their cybersecurity?
ENHANCED CYBERSECURITY WITH CELCOM
According to the Global Tech Council, installing protection against DDoS, malware and phishing attacks is one of the top five effective measures that can be taken even with a limited budget.
In Malaysia, Celcom's Cyber Guard Device solution can help educational institutions safeguard their staff's mobile devices such as smartphones and tablets.
The service encompasses a range of device security and management solutions, using machine learning to defend businesses on a device, network and application level.
As a subscription service, Cyber Guard Device also helps defend against phishing, while offering total protection on devices running Android and iOS.
Starting from a reasonable price of RM16 a month per licence, Cyber Guard Device comes with a range of subscription levels starting from Basic to Max tiers.
The Basic plan is powered by Zimperium, and allows academic institutions to install an enterprise-class, on-device security engine on Android and iOS devices that protects them against harmful WiFis and malicious apps.
PROTECTION ON ALL LEVELS
For more sophisticated levels of protection, Celcom offers the Cyber Threat range of services via its strategic partnership with Telefónica Tech, which is a member of the Cyber Threat Alliance (CTA) and the Anti-Phishing Working Group (APWG).
This covers both Digital Risk Protection (DRP) and Celcom Vulnerability Risk Management (VRM), providing academia with reliable, world-class security.
DRP uses technology, tools and expertise to monitor data sources and identify threats against an academic organisation's digital footprint.
It covers the entire lifecycle of cyber threats, starting with a 24/7 team that monitors the open web, deep web and dark web, in search of references and mentions to organisational assets.
Meanwhile, VRM identifies and remediates threats in enterprise systems through a combination of 24/7 automated scanning with both persistent as well as manual penetration testing by experts.
After a Local Analyst plans and executes a scan, the results are analysed to determine the severity of the threat and the remediation required. This is followed by 24/7 notification and reporting via the Customer Portal.
Celcom's Cyber Threat solutions are complemented by a round-the-clock dedicated cyber operations team. Besides that, educational institutions have direct contact with a Local Analyst with tailored-made deliverables based on their needs.
To find out more about Celcom's cybersecurity solutions, please visit their website.