The COVID-19 pandemic has created a unique cybersecurity environment that hackers are seeking to exploit and, unfortunately, the education sector is a top target for attackers. As per recent research reports, schools, colleges and educational institutes that are embarking on a year of online learning are unprepared for this new wave of threats, and their IT departments are grappling with the new challenge. In an exclusive interaction with CXOToday, Milind Borate, Co-founder and Chief Technology Officer at Druva, explains some of these recent cyber security challenges owing to the transition from an extensive offline learning model to an entirely online one and why the education sector in India is in need of a data protection strategy.
CXOToday: With a major shift to online learning in recent months, how vulnerable is the education sector to cyber risks?
Milind Borate: In light of the COVID-19 pandemic, the transition from an extensive offline learning model to an entirely online one has been very sudden in the country. Most educational institutes did not have the required infrastructure or resources to transform overnight. While they did adopt the technology eventually, the crucial aspect of ensuring protection from threats was not considered. This has exposed educational institutes to even greater risks. The extensive use of collaborative tools online such as Zoom, Google Classroom, Moodle, Blackboard Learn, etc., makes it easy for malware and ransomware to be delivered and spread throughout an institute’s network – without an easy way to recover from such attacks.
CXOToday: Is the education sector in India doing enough to make students aware about cybersecurity, especially as COVID-19 has made the cyber space more vulnerable?
Milind Borate: The government and stakeholders in the education sector are gradually recognizing the need to address this looming concern. The HRD Minister has released guidelines for online education ‘Pragyata’, which outlines suggestions for administrators, school heads, teachers, parents, and students in the cybersecurity space. CBSE has also recently released a manual on cyber security for learners.
While steps towards creating awareness regarding threats that remote learning entails have been initiated, the sector needs to be more aggressive in its approach. Educational institutes should revamp their IT infrastructure and impart proper training of teachers as well as students in data protection practices.
CXOToday: What are the precautions the education sector can take to avoid a data breach?
Milind Borate: To protect students, teachers, and the entire education community, some of the best practices to consider are:
Backing up data offsite: Backing up data proves instrumental to recover from a ransomware attack. Some backup services can also detect that a ransomware attack has happened due to patterns in the data and notify administrators so that they may immediately stop and remediate the attack.
Implement automation systems: Automating systems can save IT teams’ time and simultaneously stay ahead of detecting and preventing cyber-attacks. Automation always helps IT teams to stay ahead of the curve.
Mobile device management solutions: As an increasing number of students and teachers use multiple devices, institutes need the ability to remotely wipe a system. Remote wipe can track where devices are and remotely erase data on those devices if they are stolen or lost.
CXOToday: What are the types of attacks that can happen? How important is it to anticipate risks and prepare in advance before the crisis hits?
Milind Borate: When a user accidentally clicks on an embedded link in an email, ransomware gains access to the infrastructure. These bait emails are identical to the legitimate emails that one receives on a regular basis. Once the ransomware has made its way into the system, it attempts to encrypt every file in the infrastructure that it can access. Also, it has become difficult to detect immediately. It may even start by encrypting the oldest files first and then move on to newer files. Some variants also replicate themselves to different parts of the infrastructure and delay launching the attack so that the backup process can back up multiple copies of the trigger file.
Educational institutes have now become storehouses of highly sensitive and personal data belonging to students, teachers, support staff and the entire community. A data breach can have a severely damaging impact on an institution’s reputation. Hence, they should elevate their concerns for ransomware attacks and have a data recovery plan in place.
CXOToday: What are the immediate steps that one can take when the attack hits?
Milind Borate: In the event of a ransomware attack, the institute should, first of all, locate the source. Instead of waiting or relying on the ransomware attacker to tell them what is infected, institutes need to find out how to identify a system that is infected, but whose payload has not been activated. Those are the systems which one needs to find and disinfect before resuming.
Next, they should shut down everything. IT teams should disable their network and shut down all their systems to stop the ransomware from propagating further. Most ransomware products are designed to automatically spread across the network after the initial infection. Hence it is vital to shut down everything and restart as necessary while checking each system for infection.
Finally, they need to activate disaster recovery. It is imperative for educational institutes to have a disaster recovery plan that will allow them to resume operations when a ransomware attack occurs. They should also consider adopting Disaster Recovery as a Service as it makes it easy to resume operations too. In just a press of a button, all the servers which have been configured beforehand come alive on the cloud within 15 to 20 minutes.
CXOToday: What are the data protection essentials required by the education sector, given the current times?
Milind Borate: Given the current times, an effective backup strategy is vital to address the threat of ransomware. Below are three notable requirements for data backup that the Education sector should consider:
Immutable backups: The first requirement of a backup application is to protect itself. Backup applications must ensure the data they store is immutable so that it cannot be modified or deleted for a period based on time, not on the user security level. Immutability also helps protect against another growing threat of malicious users or administrators.
Complete backup coverage: A second requirement is the frequent protection of all data, in all locations, including endpoints. Ransomware tries to infect everything. Not only are personal laptops a common way for ransomware to work its way into the environment, but they are also a common target of the spreading attack. Frequent data protection requires intelligent data movement so that the solution only sends the minimal amount of changed data to backup storage. It also requires a backup application that scales. Backup solutions may now have to track many more versions of a file and may protect many more servers than before.
Clean recovery: The third and final requirement is intelligent recovery. Ransomware’s new technique of delayed corruption of data means that corrupt files are within multiple backups. The data protection tool needs to provide the ability to quickly search across numerous backup jobs to find an unencrypted version of a file. It should also offer the ability to restore only the files the organizations were using most recently first and then recover older data later.