It didn’t take long before everything went online. With the COVID-19 breakout, the transition from offline to online was quick and happened overnight.
Education, corporates, and almost all business were suddenly switched to digital spaces. Remote learning and work indeed is a blessing during the pandemic. However, one unifying element in all of these is that we are online more than ever. And that’s making cybersecurity more important than it’s ever been.
As per 2020 CrowdStrike Global Security Attitude Survey’ by US-based cybersecurity technology company CrowdStrike more than one-third of Indian organizations have paid $1-$2.5 million as a result of malware attacks in the last year. The survey found that in India, ransomware, general malware, phishing, and password attacks are the major concerns for organizations, with 90% of them threatened by e-crime, 77% concerned by hacktivists, followed by insider threats and threats from nation-states. More than half of the organizations feel that nation-state attacks will be the biggest concern for 2021.
With spending long hours on the internet and increased dependency on digital tools, we are exposed to cyber threats more than ever. Hackers are targeting people's increased dependence on digital tools. In moments of desperation and crisis, it becomes easier for us to fall prey to cybercriminals. With online communication and activities, there is a possibility that you end up clicking on the scam email that breaches your security layers and extracts your data. This also calls for added security measures for our children who are spending long hours on the internet for their schooling. The responsibility of this added security falls on school authorities as well as parents.
The recent case of a Chinese firm that came forward is an example that stresses the importance of understanding the online world. As per reports the company with suspected ties to the Chinese government was amassing a database of detailed personal information on 2.4 million people, including more than 50,000 Americans, according to findings by an independent researcher and an Australia-based cybersecurity firm. “The database was compiled by China's Zhenhua Data Information Technology Co. The company was founded in 2017 and had offices in Shenzhen and Beijing. Its mission, according to a screenshot of their website, which was deleted not long ago, is to aggregate global data and help the great rejuvenation of the Chinese nation."
In August 2020, edtech platform Edureka also reported having suffered a server breach which compromised data of more than 2 Million users. The data breach compromised users’ names, addresses and contact details.
Another incident happened in Gurugram-based online school management platform Skolaro.
Not taking privacy seriously enough led to exposed data belonging to over 50K students studying in around 100 Indian schools, their parents as well as teachers, after storing its database in unsecured servers.
WhiteHat Jr also found a bug in their system, which made its data of over 2.8 lakh students vulnerable. In November 2020, the Quint quoted a security researcher who reported the bug to WhiteHat Jr, who said, “According to what I found out the personal data of over 2.80 lakh students including names of their parents were lying exposed due to a vulnerability on the company's server-side.”
After schools have shifted to online studies it has become more important for the authorities to mandate the regulations and ensure that the technologies they are incorporating provide a safe online environment for students. Also, the need for incorporating safe digital education and cybersecurity curriculum has come forth. In light of the current crisis, adding cybersecurity to the curriculum has become a must.
Opposed to previous generations, students today are well versed with digital technologies and are brought up around advancing technologies. They are quick to explore and make use of advancing technology. While both the students and teachers are heavily relying on internet accessibility, there is a dire need to helps students develop healthy digital skills for both their personal as well as professional lives. A survey by the National Cyber Security Alliance and Microsoft found that 91 per cent of teachers believed cybersecurity should be taught. Delivering this knowledge and skillset could well lead to increased interest in the subject as a whole and could lead to more students being inspired to take up a career in it.
Since we have incorporated technology to the maximum level, we would need to ensure a safe space with maximum measures in place. This is not only limited to educating children about the ethical use of the internet and practices to stay safe in the online world. But the major work is on to the authorities to ensure that they are providing a safe online environment. People who do not have a technical background can develop soft skills and learn the ethical use of the internet however Security professionals must be there to communicate complicated subjects to people.
With multiple things working online, two things that play a crucial role in smooth functioning are the faster speed of broadband service and cloud computing. According to The Brookings Institute, “5G networks thus create a greatly expanded, multidimensional cyber-attack vulnerability. It is this redefined nature of networks—a new network ecosystem of ecosystems—that requires a similarly redefined cyber strategy.” Further stating that “the increase in cyber vulnerabilities of software, it would be difficult to retool how organizations would secure the most important network of the 21st century.”
Advancing modern technologies such as IoT is exponentially increasing the number of connected devices to the extent that there will be around 200 billion connected devices by the end of 2020. Cyberwarriors are increasing their knowledge while hackers can now utilize artificial intelligence and machine learning to trigger automated cyber-attacks that can easily compromise secure systems without any human intervention. These automated cyberattacks pose a global scare and can be done on a mass volume.
More use of cloud computing: According to the latest worldwide market study by Canalys, cybersecurity solutions for public cloud and ‘as a service’ accelerated in the first quarter of 2019. Those deployment models collectively grew 46 per cent year-on-year. The GAO Finds Cybersecurity Risks as Agencies Increase Cloud Use. Federal agencies are increasingly using cloud computing services and the Office of Management and Budget (OMB) requires them to use the Federal Risk and Authorization Management Program (FedRAMP) to authorize use.
Since the mode of communication has shifted online Exchanging sensitive data comes a part of it. While we are busy sending emails and using apps that usually ask for our access to data that we willingly say yes to is exposing us to share our information we don’t have to. People are going to rely more on emails to exchange documents and information. Without adequate protection I.e.: encryption, organizations may lose confidentiality and integrity of their data.
The recent news about Unacademy’s data leak shook the industry. A database of nearly 22 million users of Unacademy with contacts of employees of Google, Infosys, Wipro, Cognizant, and its investor Facebook is up for sale on the dark web, as per the US-based security firm Cyble. The company had suffered a breach in January following which contacts were put up for sale as recently as 3rd May for $2000, the firm said.
As per Cyble, the database includes usernames, email addresses, passwords, first and last names, date joined, last login date, account profile, and account status (whether the account is active or not). In a statement to the security news website, BleepingComputer, Unacademy confirmed that basic information related to 11 million learners had been compromised but said that no sensitive information such as financial data, passwords, or location had been leaked. The firm said it is conducting further background checks and will keep users updated.
Even after the pandemic ends, we will witness a rise in technology integration across education and various jobs. The more we expose and integrate technology, the more we become prone to cybercrimes. The only right way to make sure your using technology while being safe is to be aware of the ethical use of the internet, data sharing, and more such practices that will keep us safe in the online world. Apart from this, organizations must consider the potential threat and their consequences and have departments and regulations in place that take care of the online activities and ensure that people working online have a safe place to be. Schools must include cyber education as a part of curricula and teach children about the rights and wrongs from the very beginning. Since children today start using technology at a very young age it is best to help them cultivate the right practices from the very beginning.
As an individual, if we use internet ethically and practice it with caution, we can keep ourselves safe from the cybercriminals. As for the authorities and cybercrimes that happen on an organizational level, it is essential to have personnel in place that are experts in the field and know how to take care of the ill practices that can happen in the online world.