Continuous learning: Kaspersky experts share cybersecurity guidelines for organisations in the Education sector

(MENAFN- Bashir Mraish Consultancy) Kaspersky experts share an overview of cyberthreats targeting the education sector, as well as cybersecurity guidelines and best practice measures for organizations within this sector.

According to Kaspersky experts, among top cyberthreats to educational organizations are the following:

Ransomware attacks, where threat actors encrypt files and demand payment for the decryption key. These attacks can severely disrupt operations, making critical data and systems inaccessible or lead to data loss. Last year one of the largest universities in Australia, the University of Queensland, experienced a ransomware incident that disrupted access to academic and administrative systems.
Data breaches mean unauthorised access to sensitive data, that can occur through hacking or insider threat and can lead to exposure of personal and financial information, identity theft, legal and regulatory consequences. For example, last year the U.S. Stanford University reported a data breach involving PhD program application information of 897 people.
Phishing attacks involve deceptive emails or messages that trick individuals into divulging sensitive information, such as login credentials or financial details, which can further lead to financial losses and data breaches. Kaspersky recently disclosed information on phishing campaigns targeting students and educators.

Other cyberthreats that should be mentioned are insider threats by individuals within the organization, such as employees or contractors; distributed denial of service (DDoS) attacks when a network or website is overwhelmed with a flood of fake traffic, causing it to become slow or completely unavailable; and malware and exploits of software vulnerabilities designed to damage or gain unauthorized access to systems and data.

“Educational institutions have become a target of cyber attackers, especially those spreading ransomware and phishing, because of the importance of the continuation of educational processes and the possession of valuable data (personal, financial information, scientific research, etc.). The attack surface has also increased for these organisations due to remote and hybrid learning environments. This highlights the need for robust cybersecurity solutions unified by a single management platform, for this sector. At the same time, attention should be paid to both the technical and human side of cybersecurity that involves policies and trainings among other measures,” says Yuraisha Mari, Enterprise Group Manager, Kaspersky.

Kaspersky experts share a detailed guideline for organizations in the education sector on how to stay safe from cyberthreats:

Have multi-layered security solutions for endpoints, network and cloud systems
Keep all software up-to-date
Develop and mandate security policies for all users
Utilise multi-factor authentication beyond just passwords for accessing critical systems and sensitive data
Implement access controls and update access policies for employees who leave the organisation or move to a different position
Encrypt sensitive data both in transit and at rest, to protect it from unauthorised access
Regularly back up critical data and ensure that backups are stored securely and tested for integrity
Arrange for professional trainings for IT staff, who should keep track of emerging threats and best practices
Educate all users on issues such as recognising phishing attempts, safe handling of sensitive data, and proper use of IT resources. Dedicated training courses such as the ones provided in the Kaspersky Automated Security Awareness Platform can assist
Conduct cybersecurity audits
Prepare and regularly update incident response plans to quickly address and mitigate the effects of any cybersecurity incidents
In case of becoming a victim of ransomware, do not pay the ransom. It won’t guarantee you get your data back but will encourage cybercriminals to continue their activities. Instead, report the incident to your local law enforcement agency.

MENAFN24092024004771015760ID1108711795