The country’s top education regulator has ordered colleges, institutions, and universities to create a cybersecurity ecosystem. Because it deals with large volumes of data on students, employees, and others, education is a prime target for cyber fraud. It is also a frequent user of online financial transactions, making it a convenient target for fraudsters. Institutions are vulnerable targets for cyberattacks due to a lack of awareness, poor finances, and limited resources. More than 1,000 spear-phishing attacks targeting educational institutions were discovered by Barracuda Networks. In 2020, about 1.16 million cyberattacks were recorded, up nearly thrice from 2019.
Key Highlights
- India’s top education regulator has ordered colleges, institutions, and universities to create a cybersecurity ecosystem.
- Because it deals with large volumes of data on students, employees, and others, education is a prime target for cyber fraud.
- In 2020, about 1.16 million cyberattacks were recorded, up nearly thrice from 2019.
- More than 1,000 spear-phishing attacks targeting educational institutions were discovered by Barracuda Networks in 2020.
- Lack of awareness, poor budgets, and limited resources make institutions and schools attractive targets for cyberattacks, which “sadly, makes attacks more effective”
The University Grants Commission (UGC), India’s highest higher education regulator, has advised colleges, institutes, and universities to tighten their cybersecurity mechanisms and create a cybersecurity ecosystem, as online education has become the new normal.
This comes as India deals with a spike in cybersecurity incidents following the pandemic, as many services, including schooling, have moved online.
Because it deals with a large number of data on demographic and professional records of students, employees, and related education sector, education is a prime target for cyber fraud. It is also a frequent consumer of online financial transactions, making it an ideal target for hackers.
Higher education institutions with more than 50,000 students have also been encouraged to be vigilant and report cybersecurity events by the education authorities.
In a letter to universities, the UGC stated that its goal is to “strengthen cybersecurity,” “address the unforeseeable difficulties of cybercrime,” and “create an ecosystem for cyber security in HEIs (higher education institutions).” A copy of the letter has been viewed by Mint.
Institutions must educate employees and students on the Indian Cyber Crime Coordination Centre and steps taken by the home ministry to prevent cybercrime, according to the education regulator.
The regulator’s instruction might serve as a model for the entire education sector at a time when the use and integration of technology in education is increasing, and the education ministry itself is emphasizing the use of technology in education to improve access and resource utilization.
Cybersecurity incidents have been on the rise recently. Between July and September 2020, Barracuda Networks, a cybersecurity firm, discovered over 1,000 spear-phishing assaults targeting educational institutions in India, according to Mint. Lack of awareness, poor budgets, and limited resources make institutions and schools attractive targets for cyberattacks, which “sadly, makes attacks more effective,” according to Murali Urs, Barracuda Networks’ country manager for India at the time.
While data on the education sector is not readily available, a government official who did not want to be identified said that rising cybercrime incidences hint to an increasing risk across the board, particularly in three sectors: education, health, and finance.
Following the lockdown implemented in the aftermath of Covid-19, India faced an increase in cyberattacks due to the increased use of digital services across the country. In 2020, about 1.16 million cyberattacks were recorded, up nearly thrice from 2019. According to the Union government’s March report to Parliament, 3,137 cybersecurity-related issues were reported on average per day in 2020.
“The Indian Computer Emergency Response Team (CERT-In) has reported that a total number of 394,499, 1,158,208, and 607,220 cybersecurity events were recorded during the years 2019, 2020, and 2021 (up to June) respectively,” the Centre told Parliament in July.
