Genie Sugene Gan, Head of Government Affairs & Public Policy, APJ & META regions, Kaspersky
When we think of cybersecurity and cyber-attacks, schools and education aren’t typically the first sectors that come to mind. In popular consciousness, we tend to imagine sophisticated, large-scale incidents against governments or financial institutions. But around the world, the reality is that the education sector remains a common and growing target for cyber-attacks.
Globally, the education sector saw a continued rise in cyber-attacks last year compared to 2021. In the UK, this involved 62% of higher education institutions ‘experiencing breaches or attacks at least weekly’, and 71% experiencing detrimental outcomes such as loss of funds or data.
The Middle East is by no means immune. In a high-profile attack last year, the Dubai-based GEMS education group — with 40 schools in the UAE and more throughout the region — experienced a system-wide hack that involved crucial files being deleted. In this incident, police responses and new measures, including recovery protocols, were able to mitigate the damage.
As with the global trends, these attacks were largely prompted by education migrating online during the Covid-19 pandemic. By mid-2021, organizations in education and research sectors saw thousands of attacks per week — around a quarter more than the pre-pandemic levels.
We can and must do more to protect our education systems from cyberattacks — not least because children need and deserve our protection across the board.
Governments have taken bold measures to help turn the tide, particularly through robust systems to provide quick responses to all manner of incidents. This is maintained through a growing series of cybersecurity controls and protocols that kick into action when an attack is identified and reported.
These measures will remain at the heart of cybersecurity responses, and are the absolutely essential ingredient. But there is more that we — in cybersecurity fields, the education sector, or simply as society — can do to advance a more secure environment for our schools.
The first is a series of solutions that builds on these core cybersecurity controls and measures to form an expanded framework consisting of Policies, Education, and Technology:
Policies: On the policy front, this involves bringing a specific focus on the education sector in order to raise the attention and measures in place for all institutions being affected. Given the rise in attacks against our children’s educational institutions, and the need to protect our youth as a vulnerable aspect of society, this would involve governments creating dedicated policies for the sector — much like how finance, oil and gas, or defence have specific areas of attention.
Education: The second aspect of this framework is educating all those involved throughout the sector. This begins with policymakers on both the education front and cybersecurity fields, in order to maximize awareness of the challenges and possible responses in a fully codified manner. These educational efforts go all the way down to students and parents themselves. Anyone using connected devices must be aware of the risks and security requirements.
Crucially, this extends to the area of cyberbullying, which continues to be a rising issue as more and more youth spend time online and using social media sites. In the UAE, 32% of children have come across cyberbullying, and it is a primary concern for more than half of parents. School curricula should reflect this reality, covering practical education on cyberthreats and cyber hygiene for our children. Addressing these issues at an early stage will not only help reduce children’s negative experiences online — it will also contribute to safer systems for schools on an institutional level.
Similarly, education involves ensuring full understanding by the administrators and decision-makers at institutional and organizational levels, to ensure that the latest international practices are being adopted across all potentially vulnerable areas. Cybersecurity is a constantly evolving environment because bad actors are always looking for new technologies and gaps to exploit. It requires permanent vigilance, threat assessment, and system upgrades to stay one step ahead.
Technology: As a result of this changing landscape and need to adapt, there is also a technological component to bolstering education sector cybersecurity. We can look at robust and dedicated Security Operations Centres for the education sector specifically. These centres are crucial to help prevent, detect, and respond to cyber threats. We can also look at more simplified or localized tools and technologies to be rolled out to school students and parents, in order to help ensure proper adoption and implementation of measures.
In looking at this type of framework for the education sector, there is a lot of opportunity for public-private partnerships in building out best practices and new localized programs on national and organizational levels. At Kaspersky, we have a range of initiatives that we have invested in adapting for the Middle East region to be as effective and wide-reaching as possible. This includes content and resources for children specifically, such as our Arabic-version storybooks and activations to help children understand threats and best practices. For example, our “Green Bear” and “Very Special Race” storybooks have been rolled out through the region, providing schools and parents with new options to work towards these goals. There is always a need to have these kinds of resources as localized and relevant as possible, and partnerships with local policymakers and institutions across the sector will be an important step.