5 tips to avoid cyberattacks on EdTech platforms

Posted by Samson Santharaj, product consultant, ManageEngine, 07-12-2020

As the COVID-19 pandemic rages on, many educational institutions have been forced to shift their on-campus classes to online classes. Various EdTech platforms have also launched free classes that have prompted students to try their hands at digital education. With more students turning to online learning than ever, these platforms have emerged as a lucrative target for cybercriminals.

Admittedly in recent years, several cyber-related incidents targeting the education sector in Singapore have taken place, including breaches at the National University of Singapore (NUS) and Nanyang Technological University (NTU). According to NTT Limited's 2020 Global Threat Intelligence Report, the education sector (29 percent) in the island nation has been subject to more cyber attacks, only next to the government sector (38 per cent), between October 2018 and September 2019.


While the scenario is frightening, EdTech vendors and institutions have the power to reverse the trend by putting calculated cybersecurity protocols in place. In this article, we will discuss five tips for implementing these protocols and minimizing the risk of suffering a data breach.

 Tip 1: Hunt for threats   

To hunt for threats means to proactively search for malware or attackers that are lurking in your network. These days, attackers have become dangerously good at breaking into and hiding in enterprise networks for long periods, which can prove very costly for organizations.

Although traditional security tools can deal with commonly known threats, you still need to worry about the unknown ones, which are more likely to include different types of advanced persistent threats (APTs) that can cost your organization heavily.

One way to hunt for threats is to perform in-depth log analysis, which involves sifting through logs from different sources and investigating the ones that don’t align with normal network activity and indicate suspicious activity.

 Tip 2: Regularly fine-tune your security tools to capture the indicators of attack    

Apart from deploying security tools, monitoring them is essential to ensure your network remains secure. Monitoring the events occurring in security tools can give deep insights into your overall network security.

Using an efficient security information and event management (SIEM) solution is the best way to monitor all your security tools and devices from one place. It can provide an overview into an organization’s network infrastructure by collecting log data from different sources like firewalls, antivirus software, and intrusion detection appliances, and correlating it to initiate automated remediation responses and generate reports.

 Tip 3: Prevent unauthorized access to your network   

Apart from using firewalls and reviewing server logs for detecting malicious activities, ensure that unauthorized users cannot access your network remotely. Below are some important points to be implemented in order to prevent unauthorized access:

·        Use a virtual private network (VPN) for encrypted communication.

·        Implement multi-factor authentication (MFA).

·        Restrict functions based on access control lists.

·        Use email filtering to block malicious attachments.

·        Implement a strong password policy.

·        Limit permissions to prevent privilege escalation attempts.

 Tip 4: Build an incident response plan, and be reactive   

No matter how strong your cybersecurity posture is, there’s always the possibility of a cyberattack that could entirely cripple your network. Don’t wait for the day when you experience your first attack to come up with a plan.

An incident response plan is a blueprint to help an organization detect, respond to, and recover from network security incidents. These plans address issues like cybercrime, data loss, and service outages that threaten everyday work. A well-crafted incident response plan will help your organization perform at its best by preparing for the worst.

An effective incident response plan focuses on six key aspects:

·        Forming an incident response team

·        Detecting the source of the breach

·        Containing the breach and recovering lost data

·        Assessing the damage and severity

·        Notifying affected parties, so they can protect themselves from identity theft

·        Practice and training

 Tip 5: Have a forensic readiness plan   

According to Forensics Readiness Guidelines (NICS, 2011), forensic readiness is having an appropriate level of capability in order to be able to preserve, collect, protect and analyze digital evidence so that this evidence can be used effectively in any legal matter, in a security investigation, in a disciplinary proceeding, in an employment tribunal, or in a court of law.

The benefits of having a forensic readiness plan are that it:

·        Minimizes the cost of cyber investigations

·        Blocks the opportunity for malicious insiders to cover their tracks

·        Cuts down the time required to identify the attack vector

·        Helps you recover from attacks effectively

·        Reduces the cost of legal requirements for disclosure of data

·        Helps with insurance claims

Having a forensic readiness plan in place ensures that the required digital evidence is readily available and in an acceptable form in case of a data breach. Organizations that already have a forensic readiness plan should check to see if they’re reaping these benefits and, if not, reevaluate it to improve its effectiveness.

As more students enroll and study on e-learning platforms, it is crucial for EdTech vendors to follow the tips given above and be more vigilant on security posture assessment, regulatory mandate compliance, and data protection obligations. The best way to achieve that vigilance is to implement a powerful security information and event management (SIEM) solution to meet all your network security and compliance challenges.