Safeguarding India’s Education Sector against Ransomware
The Education sector is critical to drive an inclusive growth that caters to a diverse socio-economic fabric of India. The introduction of Indian Education 2020 policy reforms further puts the emphasis on making India a truly vibrant knowledge economy. Adding an additional layer of digitization, further adds radical transformation to increase penetration and innovative ways of imparting quality education. From increasing adoption of online learning to leveraging WhatsApp groups for student-academia communication puts the spotlight on managing and protecting sensitive data effectively.
Half of India’s population is under the age of 25 years and presents enormous growth opportunity. According to ResearchAndMarkets.com’s ‘Online Education Market in India 2019’ report, Indian online education is expected to reach Rs. 360 billion by 2024. With increase in online classroom, students and staff connecting through remote networks has opened new channels for potential cyber threats.
As systems continue to evolve, it is crucial that education institutions data security strategy advances at the same speed. This means ensuring watertight protection of educational data against one of the most common forms of attack, ransomware. Data collected on students, staff and teachers may be highly personal or sensitive and could include student performance data, demographic characteristics, or responses to surveys. This data is attractive to a potential hacker because they understand the impact a data breach could have on an institution’s reputation, and so therefore see a better chance of obtaining a ransom for their crime.
By taking proactive as opposed to reactive precautions, this face-off might never be necessary. IT teams within education institutions should consider a data protection strategy on a foundation of education, implementation, and remediation to be impermeable from the word go.
Understanding the risks
The journey of understanding starts after the threat actors are identified. Remote desktop protocol (RDP) or other remote access tools, phish and software updates are the three main mechanisms for entry. Knowing this could help your institution focus its investment strategically, enabling maximum resilience against ransomware from an attack vector perspective.
Most IT administrators use RDP for their daily work, with many RDP servers still directly connected on the Internet. As a result, over half of ransomware attacks currently use RDP as an entry pathway. Those not accessing via RDP, may instead choose phish mail as their method of choice. If you are ever unsure if you have received a phish email, there are two popular tools that can help assess the risk to your organization These are Gophish and KnowBe4. It is also essential to keep in mind the need to update critical categories of IT assets such as operating systems, applications, databases and device firmware. Extend this thorough approach to data centres, too, as they can be just as susceptible to attack as the data housed on-site.
When it comes to a ransomware attack, its resiliency hinges on how the backup solution is implemented, the behavior of the threat and the course of remediation. As an important part of ransomware resiliency, implementation of backup infrastructure is a critical step.
Backup repositories are an essential storage resource when it comes to ransomware resiliency, so it is recommended that access to those within the organization is not permitted. Insiders having the permissions to access this data could lead to potential leaks outside of the organization, so it is recommended that these responsibilities are managed by a third party where possible.
Despite ensuring your institution is educated around the threats of ransomware and implements the correct techniques accordingly, you should always be prepared to remediate a threat where necessary.
If you do suffer an attack, your next steps to remediating ransomware are:
- Do not pay the ransom.
- The only option is to restore data.
One of the hardest parts of recovering from a hack is decision authority. Make sure you have a clear protocol in place that establishes who will make the call to restore or to fail over your data in the event of a disaster. Within these business discussions, agree on a list of security, incident response and identity management contacts that you can call on if needed. When a breach happens, time is of the essence, so you will thank yourself for having prepared in advance.
Much like you would invest in insurance for your home, you should consider backup an investment in the same vein. It is something you hope never to need, but if the worst happens, your institution is protected, and your staff and students’ data is safe. By properly educating your colleagues on the risks, implementing the appropriate infrastructure and having the appropriate remediation protocols in place, you will not only increase your resiliency against a ransomware attacks but also avoid data loss, financial costs or reputation damage to your institution.
With digital learning becoming the new normal in India, incidents of ransomware and similar attacks show no sign of deceleration in the years to come. Hence, it’s important for every Indian education institution to realistically assess their changing risk profile and invest in the right IT capabilities. Deployment of reliable and flexible cloud data management and backup solutions can enable education institutions to effectively prevent, detect and restore from a ransomware attack without ever having to give-in to a ransom.
(The article has been authored by Rick Vanover, Senior Director of Product Strategy, Veeam Software and Sandeep Bhambure, Vice President and Managing Director, India & SAARC, Veeam Software. The views expressed in this article are their own)