COVID-19 brought the world online in a very short span of time. Just like any other industry, the education sector was also forced to deploy different digital channels and tools to operate and facilitate online learning.
The hurried nature of the move meant that the digital realm was now almost free real estate for cyber attackers. For cybersecurity professionals, the burden to protect this realm had increased now more than ever.
After all, all it takes is just one tiny vulnerability in a network for cyber attackers to exploit. The brunt of such an attack is borne by university staff, professors, and millions of students. In the first half of 2022, the education industry was among the top 5 industries with the highest number of malware detections.
Education institutions are lucrative targets for cyberattacks simply due to their wealth of data. Whether it’s proprietary research data or sensitive personal information about staff and students; cyber attackers are constantly looking to steal such valuable information and hold it to ransom.
At the onset of the pandemic, amid the move to online learning, attackers seized the opportunity to cause disruption as educational institutions scurried to go digital. For instance, there were numerous ransomware attacks on schools in the US during the shift to remote learning in 2020.
Smart campuses, tougher cybersecurity challenges
See also: Keys to achieving human-centred automation testing
The post-pandemic move to hybrid learning, along with the steady adoption of 5G technology and strides in cloud technology, has also seen universities extending the digital capabilities of their physical campuses, giving rise to “smart campuses”. Smart Campuses are defined as educational institutions that use next-generation technologies to enable a "digitally connected” environment that integrates learning experiences and streamlines various services.
In Singapore, Nanyang Technological University, Singapore (NTU Singapore) partnered with Microsoft for a cloud-enabled Smart Campus to enable hybrid learning and remote work. Over in the Philippines, the University of Northern Philippines (UNP) used their grant of P25 million from the Commission on Higher Education (CHED), to implement a smart campus innovation project to improve operational efficiency. In Thailand, the Electricity Generating Authority of Thailand (EGAT) and Khon Kaen University (KKU) signed a Memorandum of Agreement to develop a smart campus with full-service smart energy solutions.
The rise in smart campuses will only make cyberattacks more inconspicuous and sophisticated. With numerous devices being used, campuses have multiple endpoints and attack surfaces in the digital realm that can be compromised, making them even more vulnerable to malicious acts.
See also: Human element still important for effective mass communication
In the first half of 2022, educational institutions were among the high-value targets of the threat actor, Earth Lusca, which conducts cyber espionage using spear-phishing lures. In 2021 alone, about 55,000 unique Singapore-hosted phishing URLs were observed; 17 per cent more as compared to the previous year.
The Achilles heel, however, of cybersecurity planning in the education industry is that schools often use outdated security tools that are rendered useless in the digital age. In some cases, they also use multiple vendors which can make threat detection and response slow and burdensome.
Local universities in Singapore faced a similar issue when they had to shift to online classes due to the pandemic. They were using multiple security solutions to detect threats across email, endpoints, servers, networks, and cloud infrastructure, and these solutions were operating in isolation from one another, making it difficult for cybersecurity professionals in these universities to have holistic visibility into the various risk areas.
It is critical for smart campuses to take their cyber hygiene more seriously and take the same ‘smart approach’ when it comes to their cybersecurity strategy and planning. The question remains – what can educational institutions do to face the cybersecurity challenges of 2022, head on?
The way forward: including XDR in the smart campus ‘checklist’
Many universities and schools were already using multiple cybersecurity vendors amid the sudden move to remote learning. As a result, they were faced with the challenge of managing overwhelming alerts from the various solutions. That made the task of securing their network a rather complex one.
In a global survey conducted by Trend Micro among IT security decision-makers across 29 countries, 62% of the respondents admitted to having blind spots that weaken their security posture. This isn’t surprising if one faces a vast amount of critical information without the right tools to help analyse and correlate it to better detect threats in their system.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
This is where XDR or extended detection and response can come in to alleviate such cybersecurity pain points.
What exactly does XDR do? Cyber threats often hide between security silos and disconnected solution alerts. With narrow, disconnected attack viewpoints, security professionals struggle to discover these threats.
What XDR does is break down these silos and collect and correlate detections and deep activity data across multiple security layers, whether it’s email, endpoint, server, cloud workloads, or networks. Automated analysis of this data helps security professionals detect threats and suspicious activities faster and act on them.
To put it simply, XDR provides cybersecurity teams with a complete and comprehensive view of the entire chain of events across security layers and tracks the bad guys.
Going forward, what universities in Singapore need to do is implement a defence-in-depth strategy which includes the deployment of various security solutions and XDR. This multi-layered approach with intentional redundancies can help improve their security system as a whole and address many different attack vectors. XDR provides them with investigative tools such as behavioural analytics and automated remediation capabilities with the ability to detect critical vulnerabilities before they escalate.
With time, cyberattacks are going to evolve and become stealthier. In the face of it, smart campuses need to become ‘smarter’ when it comes to implementing best cybersecurity practises. Just as how security measures are implemented in physical campuses, such as installing video cameras, deploying security guards, implementing ID cards and so on; such tactics need to be mirrored in the digital realm as well.
A typical smart campus checklist will include many things, but XDR should be that key item to have on the list.
David Ng is the country manager for Singapore at Trend Micro